<html>
<title> - SPAM (UNSOLICITED COMMERCIAL E-MAIL)</title>
<body><pre>[Senate Hearing 108-968]
[From the U.S. Government Printing Office]


                                                        S. Hrg. 108-968

                  SPAM (UNSOLICITED COMMERCIAL E-MAIL)

=======================================================================


                                HEARING

                               before the

                         COMMITTEE ON COMMERCE,

                      SCIENCE, AND TRANSPORTATION

                          UNITED STATES SENATE

                      ONE HUNDRED EIGHTH CONGRESS

                             FIRST SESSION

                               __________

                              MAY 21, 2003

                               __________

    Printed for the use of the Committee on Commerce, Science, and
                             Transportation


       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                      ONE HUNDRED EIGHTH CONGRESS

                             FIRST SESSION


                  U.S. GOVERNMENT PRINTING OFFICE
85-548                    WASHINGTON : 2013
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC
20402-0001


                     JOHN McCAIN, Arizona, Chairman


TED STEVENS, Alaska                  ERNEST F. HOLLINGS, South
CONRAD BURNS, Montana                    Carolina, Ranking
TRENT LOTT, Mississippi              DANIEL K. INOUYE, Hawaii
KAY BAILEY HUTCHISON, Texas          JOHN D. ROCKEFELLER IV, West
OLYMPIA J. SNOWE, Maine                  Virginia
SAM BROWNBACK, Kansas                JOHN F. KERRY, Massachusetts
GORDON H. SMITH, Oregon              JOHN B. BREAUX, Louisiana
PETER G. FITZGERALD, Illinois        BYRON L. DORGAN, North Dakota
JOHN ENSIGN, Nevada                  RON WYDEN, Oregon
GEORGE ALLEN, Virginia               BARBARA BOXER, California
JOHN E. SUNUNU, New Hampshire        BILL NELSON, Florida
                                     MARIA CANTWELL, Washington
                                     FRANK R. LAUTENBERG, New Jersey
      Jeanne Bumpus, Republican Staff Director and General Counsel
             Robert W. Chamberlin, Republican Chief Counsel
      Kevin D. Kayes, Democratic Staff Director and Chief Counsel
                Gregg Elias, Democratic General Counsel


                            C O N T E N T S

                              ----------

Hearing held on May 21, 2003
Statement of Senator Allen
Statement of Senator Burns
Statement of Senator Cantwell
Statement of Senator McCain
    Letter dated May 21, 2003 from Bill Gates, Chairman and Chief
      Software Architect, Microsoft
    Letter dated May 20, 2003 from Jerry Berman, President,
      Center for Democracy & Technology
Statement of Senator Nelson
Statement of Senator Wyden

                               Witnesses

Dayton, Hon. Mark, U.S. Senator from Minnesota
Hughes, J. Trevor, Executive Director, Network Advertising
  Initiative
    Prepared statement
Leonsis, Ted, Vice Chairman, America Online, Inc. and President,
  AOL Core Service
    Prepared statement
Rotenberg, Marc, Executive Director, Electronic Privacy
  Information Center and Adjunct Professor, Georgetown University
  Law Center
    Prepared statement
Salem, Enrique, President and CEO, Brightmail Inc.
    Prepared statement
Scelson, Ronald, Scelson Online Marketing
    Prepared statement
Schumer, Hon. Charles E., U.S. Senator from New York
    Prepared statement
Swindle, Hon. Orson, Commissioner, Federal Trade Commission
Report dated April 30, 2003 from the Federal Trade Commission's
  Division of Marketing Practices entitled ``False Claims in
  Spam''
    Prepared statement
Thompson, Hon. Mozelle W., Commissioner, Federal Trade Commission
    Prepared statement


                  SPAM (UNSOLICITED COMMERCIAL E-MAIL)

                              ----------


                        WEDNESDAY, MAY 21, 2003

                                       U.S. Senate,
        Committee on Commerce, Science, and Transportation,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 9:35 a.m. in room
SR-253, Russell Senate Office Building, Hon.
John McCain, Chairman of the Committee, presiding.

            OPENING STATEMENT OF HON. JOHN McCAIN,
                   U.S. SENATOR FROM ARIZONA

    The Chairman. Good morning. Today, the Committee will
examine whether there are ways we can effectively deal with the
increasing proliferation of spam in America. I commend the
Federal Trade Commission for its dedication to the complex
policy and technical issues involved in putting an end to
unwanted spam. I also want to strongly commend Senators Burns
and Wyden for their continued work over the years in trying to
address this issue through legislation. Literally hundreds of
hours have been spent by these two Senators and their staffs in
trying to address this very, very difficult issue.
    Spam means different things to different people. The FTC
defines spam generally as unsolicited commercial e-mail, and
some Americans do not want any of it, other consumers like to
receive unsolicited offers by e-mail. To them, spam means only
unwanted, fraudulent or pornographic e-mail that floods their
in-box. Many American businesses view e-mail as a new medium
through which to market or communicate more efficiently with
consumers. To them, that is not spam, but commercial speech
protected by the First Amendment.
    Internet service providers are caught in the middle, often
drawing a distinction between what they, but not necessarily
consumers perceive as good or bad actors, and permitting some
unsolicited e-mails to pass through their networks to consumers
while blocking others in their spam filters. Regardless of
whether you call all unsolicited commercial e-mail spam, it is
rapidly on the rise, and its sheer volume is affecting how
consumers and businesses use e-mail.
E-mail messaging has
fundamentally changed the way we communicate with family and
friends, the way we communicate with businesses that provide
goods and services, and the way that businesses market products
to consumers.
    The growing affliction of spam, however, may threaten all
of us. Less than 2 years ago, spam made up only 8 percent of
all e-mail. Today, industry experts estimate that more than 45
percent of all global e-mail traffic is spam, and many expect
it to reach the 50 percent mark by this summer. AOL estimates
that it blocks 80 percent of all its inbound e-mail, nearly 2.4
billion messages each day. Managing this influx adds real cost
to consumers and businesses. There are other costs to
Americans, such as the cost to our children, who may be
victimized by the nearly 20 percent of spam that contains
pornographic material, some including graphic sexual images.
    The FTC also tells us that two-thirds of all spam contains
deceptive information, much of it peddling get-rich-quick
schemes, dubious financial or health care offers, and
questionable products and services. While most agree that
something should be done about spam, it is clear that
legislation alone will not solve the problem.
    Yesterday's New York Times had a very interesting article.
It says--and I will not, obviously, quote the whole article. I
will include it in the record, but it said at first, it looked
as if some students at the Flint Hill School, a prep academy in
Oakton, Virginia, had found a lucrative alternative to an
after-school job. Late last year, technicians at America Online
traced a new torrent of spam, or unsolicited e-mail
advertisements, to the school's computer network. On further
inquiry, though, AOL determined the spammers were not
enterprising students.
Instead, a spam-flinging hacker who has
still not been found exploited a software vulnerability to use
Flint Hill's computers to relay spam while hiding the e-mails'
true origins.
    I mention that story because the complexity of this issue
is challenging to all of us, and the complexity and the
innovative ways that spammers are employing make this to some
degree an issue that has ever-changing challenges. The fact
that there may be--keeping up with resourceful spammers' latest
technology is not the only challenge. Jurisdictional barriers
only complicate enforcement, and up to 90 percent of all spam
may pass through mail servers outside of the United States.
    The fact that there may be no silver bullet to the problem
of spam does not mean, however, that we should stand idly by
and do nothing at all about it. It is clear we must act, but I
ask the witnesses to help us define the problem and tell us
how, whether by technical, legislative, or other means we can
be most effective. For Congress' part, we should make no
mistake, unless we can effectively enforce the laws we write,
those laws will have little meaning or deterrent effect on any
would-be purveyor of spam.
    Finally, I ask industry to continue to respond to the
demands of American consumers in doing all that it can to stop
the worst part of spam. Parents should not have to think twice
before encouraging their children to use the computer.
    I thank the witnesses, and look forward to the testimony.
    Also, I would like to enter into the record, letters from
Mr. Bill Gates and also Jerry Berman of the Center for
Democracy and Technology, basically stating their commitment to
working with us to try to eliminate this issue.
    [The information referred to follows:]

                                                  Microsoft
                                                       May 21, 2003

Letter from Bill Gates to the U.S. Senate Commerce Committee Regarding
                             Spam Hearings

Dear Chairman McCain and Ranking Member Hollings:

    Thank you for holding this important and timely hearing on spam. I
greatly appreciate the leadership of both you and your Commerce
Committee colleagues. I regret that we are unable to participate
directly, but would like to take the opportunity to share Microsoft's
perspective on this critical e-commerce and consumer issue.
    The torrent of unwanted, unsolicited, often offensive and sometimes
fraudulent e-mail is eroding trust in technology, costing business
billions of dollars a year, and decreasing our collective ability to
realize technology's full potential. According to some industry
estimates, spam now makes up more than 50 percent of all e-mail. To
make matters worse, spam often preys on less sophisticated e-mail
users, such as our children, posing a genuine threat to personal
security and privacy and threatening the very utility of e-mail as a
viable communication tool.
    Microsoft firmly believes that spam can be dramatically reduced,
and that the solution rests squarely on the shoulders of industry and
government. There is no silver bullet solution to the problem. Rather,
we believe that fully addressing this problem for the long-run requires
a coordinated, multi-faceted approach that includes technology,
industry self-regulation, effective legislation, and targeted
enforcement against the most egregious spammers.
    In terms of technology, Microsoft is committed to providing
customers with the best solutions available, and engaging on every
level to find new and better technical means to stop spam.
To date,
Microsoft's investments in anti-spam technologies have already paid off
for businesses and consumers through innovations available in new
versions of our products, such as MSN, Hotmail, Exchange and Outlook.
    The industry is building better filters every day, and is investing
heavily in research and development to open the door to greater
innovation. We need filtering technologies that are easier for
consumers to use, and more effective at determining which e-mail
messages are spam and which are desired communications. This
differentiation will greatly reduce the risk of falsely misidentifying
legitimate e-mail as spam.
    While we and others have made significant advances in anti-spam
technology, we recognize there is still much work to be done. But
technology is not the only answer. Effective and complementary self-
regulation efforts by the industry are crucial.
    Specifically, we support the establishment of an independent trust
authority or authorities around the globe that could spearhead industry
best practices, and then serve as an ongoing resource for e-mail
certification and customer dispute resolution. In short, these
authorities could provide mechanisms to identify legitimate e-mail,
making it easier for consumers and businesses to distinguish wanted
mail from unwanted mail.
Of course, any technology designed to
establish the identity of legitimate commercial firms and associate
them with a trusted sender ``seal'' should be based on open standards
and developed with broad input from affected industries.
    But in order for the self-regulation and technology efforts to be
successful, they need to be supported by strong Federal legislation
that prohibits fraudulent and deceptive spamming practices, and
empowers consumers without threatening the vitality of legitimate e-
commerce.
    Specifically, Federal legislation should create incentives for e-
mail marketers to adopt best practices, and to certify themselves as
trusted senders who can be more easily identified by consumers and
filters alike. One way to encourage marketers to adopt e-mail best
practices is to provide a Safe Harbor for those companies who are
members of an FTC-approved self-regulatory organization. Under this
approach, safe harbor participants would be entitled to avoid the
burden of additional labeling requirements (such as ``ADV:'' to
identify e-mail advertisers) while enjoying other regulatory benefits
based upon their compliance with specific sender guidelines.
    Thus, Federal legislation should identify the basic components that
industry guidelines must address, such as notice and choice
obligations, but permit the industry to take the lead in developing the
specific guidelines within these parameters.
    Microsoft believes other elements of Federal legislation should
include:

  * Effective Internet service provider (ISP) enforcement that
    allows ISPs to prosecute spammers on behalf of their customers;

  * Meaningful definitions to capture all bad actors involved in
    sending unlawful spam, including those who knowingly assist in
    the transmission of unlawful spam;

  * Provisions that permit state Attorneys General to enforce
    violations of Federal law, as well as existing state contract
    and trespass laws, in order to further increase the pressure on
    persistent spammers;

  * Express language that preserves the right of ISPs to combat
    spam (i.e., provisions that make it clear that the Federal
    anti-spam law does not impose an obligation on ISPs to block or
    carry certain types of e-mail messages, and does not impair an
    ISP's ability to enforce its anti-spam policies); and

  * Federal preemption of state statutes that regulate the
    sending of commercial e-mail messages provided the Federal
    anti-spam law contains strong substantive requirements. Because
    ISPs rely heavily on state contract and trespass laws, as well
    as laws relating to computer fraud and theft, in their fight
    against spammers, Federal preemption in any anti-spam law
    should include a carve-out for such state laws.

    The recent increase in anti-spam legislative activity both
domestically and internationally is encouraging, and we commend you for
the important work you are doing in this area. Current U.S. state laws
already make it possible for the industry to begin taking action
against spammers who are illegally targeting customers. Enforcement
efforts across the industry to date have been successful, and more will
come. ISPs including Microsoft, AOL and Earthlink have already begun to
file lawsuits, as have the Federal Trade Commission and many state
Attorneys General, in an effort to increase the costs of sending spam,
thereby reducing its volume.
    As a leader in the industry, Microsoft is committed to using its
resources to help address this problem from every perspective:
technology, self-regulation, legislation and enforcement.
We have
started to see progress on all fronts, but much more work needs to be
done.
    We pledge our support to your legislative effort, and look forward
to sharing our proposals and working with others toward a viable
solution. When industry, government and technology come together to
solve the spam problem, we will truly be able to offer consumers a
trustworthy, safe and more productive e-mail experience.
            Sincerely,
                                                Bill Gates,
                             Chairman and Chief Software Architect.
                                 ______

                          Center for Democracy & Technology
                                       Washington, DC, May 20, 2003
Chairman John McCain,
Senate Committee on Commerce, Science, and Transportation,
United States Senate,
Washington, DC.

Dear Chairman McCain:

    The Center for Democracy and Technology is continuing its activity
to help find effective solutions to the problem of unsolicited
commercial e-mail--also known as ``spam.'' We welcome the Committee's
inquiry into this important issue, and look forward to working together
towards a solution that will protect the Internet and its users from
the choking effects of unwanted e-mail, while maintaining the openness
and innovation that makes the Internet so valuable.
    As per your request, we have attached our recent report ``Why Am I
Getting All This Spam?'' which we ask you to consider in the
Committee's hearings on this issue. In the report, CDT explored the
ways in which spam was received by over two hundred and fifty e-mail
addresses spread all over the Internet.
In six months, we received over
eight thousand unsolicited e-mail messages to addresses that had been
posted on the Web, used in newsgroups, or disclosed to Internet
businesses.
    From that research, CDT created a series of tips for users to take
steps to shield themselves from spam. Those tips, as well as the rest
of our report, are attached.
    Based on our research and further discussions, CDT believes that
the spam problem merits targeted Federal legislation to help alleviate
the burdens spam causes for consumers, businesses, and ISPs. While spam
is undeniably a major problem for the future of the Internet, we must
be careful to craft legislation that can be effective and does not run
counter to freedom of speech and other concerns.
    A prerequisite to narrow and effective spam legislation is open
dialogue among policymakers, industry, and Internet users--a dialogue
that is only beginning to occur. This committee has an important role
to play in creating the kind of open discussion that will lead to the
best path forward. We look forward to continued work with you on this
important issue.
            Sincerely,
                                              Jerry Berman,
                                                         President.
                                 ______


                               LexisNexis

               Copyright 2003 The New York Times Company

   The New York Times--May 20, 2003 Tuesday Correction Appended Late
                             Edition--Final

SECTION: Section A; Column 1; Business/Financial Desk; Pg. 1

LENGTH: 1835 words

HEADLINE: TECHNOLOGY; E-MAIL'S BACKDOOR OPEN TO SPAMMERS

BYLINE: By SAUL HANSELL

BODY:

    At first, it looked as if some students at the Flint Hills School,
a prep academy in Oakton, Va., had found a lucrative alternative to an
after-school job.
Late last year, technicians at America Online traced
a new torrent of spam, or unsolicited e-mail advertisements, to the
school's computer network.
    On further inquiry, though, AOL determined that the spammers were
not enterprising students. Instead, a spam-flinging hacker--who still
has not been found--had exploited a software vulnerability to use Flint
Hills' computers to relay spam while hiding the e-mail's true origins.
    It was not an isolated incident. The remote hijacking of the Flint
Hills computer system is but one example among hundreds of thousands of
a nefarious technique that has become the most common way for spammers
to send billions of junk e-mail messages coursing through the global
Internet each day.
    As spam has proliferated--and with it the attempts by big Internet
providers to block messages sent from the addresses of known spammers--
many mass e-mailers have become more clever in avoiding the blockades
by aggressively bouncing messages off the computers of unaware third
parties.
    In the last two years, more than 200,000 computers worldwide have
been hijacked without the owners' knowledge and are currently being
used to forward spam, according to AOL and other Internet service
providers. And each day thousands of additional PC's are compromised at
companies, institutions and--most commonly of all--homes with high-
speed Internet connections shared by two or more computers.
    ``The spammers have mutated their techniques,'' said Ronald F.
Guilmette, a computer consultant in Roseville, Calif., who has
developed a list of computers that are forwarding spam. ``Today, if you
are trying to do a really mass spamming, it is de rigueur to do it in
an underhanded manner.''
    Just last Thursday, 17 law enforcement agencies and the Federal
Trade Commission issued a public warning about some of the ways
spammers now commandeer computers to evade detection.
The officials
translated the warning into 11 languages because many of the exploited
computers are known to be in China, South Korea, Japan and other
countries with heavy Internet use.
    Mostly, the spammers are exploiting security holes in existing
software, but increasingly they are covertly installing e-mail
forwarding software, much like a computer virus. For some, hacking is
no longer about pranks, but making a profit.
    ``This is not about a hacker trying to show off, or give you a hard
time,'' said William Hancock, chief security officer for Cable and
Wireless, the British telecommunications company. ``This is about
money. As long as there are people who want spam to go out, this is not
going to go away.''
    Spam fighters say that some software is too easy to exploit and
should be fixed. Moreover, computer users can take technical
precautions to safeguard their machines. But not everyone will bother
to take those steps, even if he or she discovers having been dragooned
into the spammers' global army.
    To begin with, most users do not see much effect when their
computer has been co-opted. Surfing the Web from the victimized
computer may be slower than usual but that is not always easy to
detect. In most cases, the owners' e-mail addresses are not added to
the spammed messages, so there is no need to worry that friends and
associates will think the PC owners have suddenly started peddling
herbal Viagra.
    Indeed, the only way most users even become aware of such
hijackings is when they receive telephone calls or e-mail from their
Internet service providers saying a piece of spam was traced back to
their machines.
    ``People are shocked,'' said Bobby Arnold, a network abuse engineer
at Earthlink, the big Internet provider.
``Someone will say, `I thought
my computer was running a little slow, but I had no idea it was being
used to send spam.' ''
    Some of the victims of the hidden spammers are revolted to learn,
Mr. Arnold said, that they are aiding the hucksters and pornographers
responsible for what many Internet users consider the medium's great
blight. The truly offended rush to safeguard their machines.
    But others, who see no direct impact to themselves, simply shrug
off the problem, Internet providers say. Intent on reducing their
network clutter, the providers then often try to cajole them into
cooperating--and, if that fails, will sometimes cut off a user's
service.
    Sometimes people do find that someone has been sending spam and
using their e-mail address as the sender, but this does not mean that
their computers were used. Nothing on the Internet verifies that an e-
mail message was actually sent by the person listed in the ``From''
address, which is one reason fighting spam is so hard.
    And spammers like to send e-mail that appears to be from their
enemies or names chosen at random. The legitimate owners of those
addresses are often left to clean out hundreds or thousands of
complaints from their e-mailboxes.
    When a computer receives an e-mail message, it does record a code
number, called an Internet protocol address, that can be traced to the
computer that is connecting to it. But often e-mail is passed from one
machine to another and the identity of the original sender cannot be
verified.
    Indeed, the rapid rise in the number of spammers trying to hijack
innocent computers is a direct result of their desire to hide their own
Internet protocol addresses from spam blockers.
Most commonly, they are
taking advantage of a backdoor in much of the software that office
users or people with high-speed connections at home often install to
share an Internet link among several computers--or so-called proxy
servers. Some other types of e-mail and Web surfing software, typically
run by larger companies, can also be taken advantage of if security
features are not properly set up.
    Because it essentially enables one computer to masquerade as
another, a proxy server is an ideal tool for anyone seeking to use the
Internet anonymously. So proxy servers are used by people in some
countries to visit websites blocked by government censors. They are
also used by hackers trying to attack other machines. And they are
perfect for spammers trying to avoid filters.
    None of these uses would be possible if the owners of the proxy
servers made sure to configure them for access only by authorized
users. But whether from laziness or ignorance, many users of proxy
servers leave them open to anyone on the Internet.
    AnalogX Proxy, a free proxy-server program that has been downloaded
by more than a million people, is automatically in the open state when
it is first installed. Mark Thompson, the author of AnalogX, said he
had rebuffed the requests of many antispam activists to distribute the
software with the security features already activated because doing so
would make it harder to set up.
    ``The biggest plug for the proxy is it is really easy to get it
running,'' he explained. Mr.
Thompson said he did try to achieve a
compromise by revising the program to give people a warning about
security problems every time it starts.
    Even so, Wirehub, a Dutch Internet service provider, says that
45,000 of the 150,000 open proxy servers it has identified as sending
spam appear to be using AnalogX.
    To find all these vulnerable machines, spammers and other hackers
deploy computers that do nothing more than try to connect to millions
of computers across the Internet, looking for open proxy servers to
exploit.
    At the Flint Hills School, ``it was pretty amazing how fast our
vulnerability was picked up by the spammers,'' Robert Hampton, the
school's director of technology, said recently. Once the problem was
identified, the school was able to fix it immediately.
    Spammers and hackers trade or sell lists of open proxy servers on
dozens of websites. And other sites sell software a would-be spammer
can use to find new servers.
    In the last six months, an increasingly common trick has been for
spammers to attach rogue e-mail-forwarding software to other e-mail
messages or hide it in files that are meant to emulate songs on music
sharing sites like KaZaA.
    As with all such hacker contraptions, and much spam, it is
difficult to figure out who is behind these programs. But there is some
evidence that one of the major spam-sending programs, known as Jeem,
originated in Russia, which has been a fertile ground for both spammers
and hackers.
    Last October, Michael Tokarev, a Russian computer programmer active
in the worldwide antispam effort, noticed a lot of spam in Russian that
offered bulk-mailing services. The messages were identical, but they
came from many different computers. He investigated and found they were
forwarded by a program, calling itself Jeem, that had not been seen
before.
    Mr.
Tokarev said that in December, a Russian forum for spammers
called Carderplanet.com contained a posting offering to sell the
Internet addresses of open proxy servers, for $1 each, that appeared to
be machines infected with Jeem. ``Since the last week of December,
several big U.S. spammers started to use those Jeems, too,'' Mr.
Tokarev wrote in an instant message interview last week.
    Machines infected with Jeem, which is especially hard to find
because it keeps switching its identity on the computers it borrows,
seem to be used these days mostly by spammers selling pornography,
David Ritz, a volunteer spam fighter, said. Using a software monitoring
tool he helps run, Mr. Ritz last week examined the messages sent to
Internet news groups from just one home computer infected with Jeem. On
one day last week, this computer sent 773 pornographic news postings
with subjects like ``Lolita paradise'' and ``N.U.D.E--L,O,L,I,T,A,S.''
    ``Open proxies are the single greatest threat to the integrity of
the network that we see now,'' he said.
    AOL, which has made fighting spam a central part of its marketing
thrust, is taking what some see as radical action against open proxy
servers. It will no longer accept any incoming e-mail sent directly
from the computers of individual home users with high-speed service.
This will not affect most home users because they typically do not run
e-mail servers on their own computers but connect their e-mail programs
to servers run by their Internet providers. But a handful of advanced
users and small businesses do run their own e-mail servers connected to
high-speed lines, and they no longer can send e-mail to AOL users.
    Road Runner, the high-speed service of Time Warner cable, is taking
a different approach. It is actively running the same sort of scanning
program used by the spammers to find out whether any of its customers
have open proxy servers.
Those that do are asked to close them. Many \nother service providers shy away from such scanning because it appears \nto be an invasion of privacy.\n    ``It\'s a race,\'\' said Mark Harrick, Road Runner\'s director of \nnetwork security. ``There are malicious individuals scanning our users \nlooking for vulnerabilities every day, and we want to find them \nfirst.\'\'\n\nCORRECTION-DATE: May 21, 2003\n\nCORRECTION:\n\n    A front-page article yesterday about mass e-mailers who bounce spam \noff the computers of unwitting third parties misspelled the name of a \nprep school in Virginia whose network was used to send spam. It is \nFlint Hill, not Hills.\n    The article also misspelled the surname of the director of security \nfor Road Runner, which is scanning its customers\' systems to determine \nwhether they are vulnerable. He is W. Mark Herrick Jr., not Harrick.\n    GRAPHIC: Chart: ``Close the Door To Spammers\'\' To avoid having \ntheir e-mail ads blocked, spammers are increasingly relaying their \nmessages covertly through computers of home and office Internet users. \nThe users are often unaware that their computers have been hijacked. \nMeasures to prevent spammers from commandeering a computer will also \nmake for a safer Internet connection. ERECT A FIREWALL A firewall \nprogram governs what programs may connect to the Internet and can block \nthe forwarding of rogue e-mails. Firewalls come both as software \nprograms and built into routers, devices used to share a connection. \nUSE ANTIVIRUS PROTECTION This software protects against infiltration by \na covert spam-relaying program. Keep this software updated, as hackers \nare prolific. BEWARE OF DOWNLOADS Many malicious programs are \ndistributed in the form of attachments to e-mails, or files to \ndownload, as from a music-sharing website. 
LIMIT PROXY SERVERS If using \nproxy-server software instead of a router to share an Internet \nconnection, make sure it is set to share only with computers on the \nlocal area network, not the entire Internet. Common proxy-server \nprograms include AnalogX Proxy and Wingate. (pg. C6)\n\n    The Chairman. I would like to ask Senator Burns, if that is \nOK, Senator Burns and then Senator Wyden, and then we will \nwelcome our two colleagues.\n\n                STATEMENT OF HON. CONRAD BURNS, \n                   U.S. SENATOR FROM MONTANA\n\n    Senator Burns. Thank you, Mr. Chairman, and I think you hit \nthe nail on the head a little while ago. I want to thank my \ncolleague, Senator Wyden, and you mentioned him spending many \nhours on this issue, and we have for the last 4 or 5 years, but \nI also want to commend you for your patience in putting up with \nus. We have been involved in this issue quite a while now, and \nnow we are finally coming down to a product I think we can \npresent to the American people with pride, and I think also the \nChairman\'s acknowledgement that legislation alone will not take \ncare of this problem. It will, however, facilitate industry and \nlaw enforcement people, especially the FTC, to get down to \nbusiness and look at it seriously, as if we have the technology \nto prevent this unwanted commercial e-mail, if you want to call \nit that, and do something about it, because it is the cost to \nbusinesses and individuals are escalating, and they are wide-\nranging.\n    Businesses lose money when employees take more time to wade \nthrough their e-mails, individuals who pay long distance \ncharging to ISPs end up footing the bill while their inbox is \nfilled with unsolicited messages. 
Servers all over the country \nhave difficulty blocking spam, all while spammers work to find \nmore and more ways to circumvent the latest software server or \nindividual blocking systems.\n    I want to specifically, really, at this point thank my \ncolleague, Senator Wyden, who has been working tirelessly for \nyears. Last month, Senator Wyden and I reintroduced the CAN-\nSPAM bill, which passed unanimously out of this Committee last \nyear. I thank the cosponsors of the bill, particularly those on \nthis Committee and here today, including Senators Stevens, \nBreaux, Nelson, and, of course, Senator Schumer, and we will \nhear from him later.\n    The CAN-SPAM bill empowers consumers and grants additional \nenforcement authority to the FTC to take action against \nspammers. The bill will provide additional tools to end this \nonline harassment by allowing users to remove themselves from \nthe mass e-mail lists and impose steep fines up to $1.5 million \non those spammers. For particularly flagrant offenders, the \nCAN-SPAM bill carries criminal penalties, including up to a \nyear in jail for those who disguise their identities and use \nfalse and misleading subject lines. In short, this bill \nprovides broad consumer protection against bad actors, while \nstill allowing legitimate Internet advertising as a justified \nmeans of flourishing.\n    While it is obvious to anyone with an e-mail account that \nthe scourge of spam has continued to worsen, the trends are \nbecoming more apparent by the day, and even more alarming. \nAccording to a recent article in The Washington Post, spam \ncurrently accounts for 40 percent of all the e-mail traffic. \nThe number is estimated to exceed that this summer. America \nOnline alone is blocking 2.4 billion spam messages every day. \nThat seems almost unbelievable. 
If current trends continue and \nnothing is done, the toxic sea of spam is threatening to drown \nthe very medium of e-mail.\n    The digital dreck of spam is particularly poisonous in \nrural areas. Because of the vast distances in Montana, many of \nmy constituents are forced to pay long distance charges for \ntheir time on the Internet. Spam makes it nearly impossible for \nthose in rural America to realize the tremendous economic and \neducational benefits of the online era. In today\'s information \nage, where beating the competitor to the next sale is \nabsolutely critical to survival, spam-related slow-downs and \nshutdowns are causing real economic damage. According to one \nstudy done by a consulting group, spam will cost U.S. \nbusinesses $10 billion this year alone.\n    The true impact of spam is seen in individual stories. A \nconstituent of mine, Jeff Smith, who built a cutting-edge cyber \nhotel in Missoula, Montana, he has calculated that spam has \ncost his business $300,000 a year. Nearly half of the bandwidth \nhe buys is sucked up by unwanted messages. His entire company \nis only worth $2.5 million, so clearly, a loud clarion call for \nFederal legislation has gone forth, and the Committee should \nheed this call.\n    Just weeks ago the New York Times mentioned it, as was \ncited by our Chairman today, and understanding the peril that \nwe are in is drowning something that actually a lot of folks \nhave thought to be one of the great tools that we have in this \ncountry especially in areas we might call remote.\n    So thank you, Mr. Chairman, for having this hearing. Thank \nyou for your patience. Thank you for understanding the problem \nthat we are facing.\n    The Chairman. Thank you, Senator Burns. Senator Wyden.\n\n                 STATEMENT OF HON. RON WYDEN, \n                    U.S. SENATOR FROM OREGON\n\n    Senator Wyden. Thank you, Mr. Chairman. I will just make a \nfew comments. 
Senator Burns and I have been prosecuting this \ncase against spam now for more than 4 years, and he has said it \nvery well, and I have been really proud to have been his junior \npartner in this cause all these years, and we appreciate the \nfact that you are willing to hold this hearing.\n    Mr. Chairman, it just seems to me what this issue is all \nabout is giving consumers control over their inbox. At this \npoint, there are few, if any, consequences for those who have \nchosen to abuse the open and low-cost nature of e-mail, and \nthat is what Senator Burns and I have been trying to change all \nthese years, and I wanted to take just a minute to put a bit of \nperspective on this, because as we have been at this now for \nseveral Congresses, what would always happen is that we would \nget favorable reactions from people, citizens and others who \nare frustrated with spam, but we always heard a number of \narguments that now was not the time for congressional action.\n    People would say, well, the problem is not so serious, it \nis just an annoyance. They would say, you can use the delete \nkey, that is the only solution that anybody needs, it is \noverkill to have a variety of enforcement tools, and what \nseemed particularly ironic in this Committee, since we led the \neffort for the Internet Tax Freedom Act, people said that spam \nlegislation would stunt the growth of E-commerce. Well, I do \nnot think those arguments hold much weight any more, given the \nfact that we have got this tidal wave of spam, and the question \nnow is to look at the good ideas.\n    Senator Burns and I think that we have come up with an \napproach that is going to work, but we know our colleagues have \na number of good ideas, and we are anxious to look at those as \nwell, but begin to change the odds. The people who are spamming \nare not technological simpletons. 
These are very sophisticated, \nsavvy people, and what we need to do is to change the odds, and \nwe believe in our legislation, by producing a tiered approach \non enforcement--Senator Burns and I have criminal penalties, we \ngive the Federal Trade Commission civil authority to bring \naction, we give the state Attorneys General the authority to \nbring action, and we give the ISPs, the Internet service \nproviders the authority to bring action, and we believe that if \nyou bring a modest number of enforcement actions using that \nkind of authority, you send a message to those scamming \nspammers and people who want to abuse the system that the odds \nare going to change. The odds are more likely that this is \ngoing to be treated as a serious problem and you are going to \nhave some consequences.\n    The last point that I would make, Mr. Chairman, is that I \nthink you absolutely have to have a tough enforceable national \nlaw, because the alternative is, the country will have a crazy \nquilt of state laws. The spammers will play the states off \nagainst each other, and I think the problems will continue to \nproliferate. What this really comes down to is, in our country, \nwe think that the consumer ought to have a right to know where \ne-mail is coming from, and they ought to have a right to tell \nthe spammer to stop. We are anxious to move forward finally, \nwelcome our colleagues. They have good ideas, and several of \nour other colleagues do as well. Let us move to examine them \nand then pass legislation here in this Committee.\n    And I thank you.\n    The Chairman. Thank you. I would like to welcome both of \nour colleagues, Senator Schumer and--Senator Allen, did you \nhave an opening comment?\n\n                STATEMENT OF HON. GEORGE ALLEN, \n                   U.S. SENATOR FROM VIRGINIA\n\n    Senator Allen. If I may, Mr. Chairman. Thank you, and I \nwant to thank all of our witnesses for appearing this morning \non this important topic. 
In fact, I was with a group of \npeople--I will not mention who; it is political, but I said we \nhave to leave here because we have got a hearing on spam, and \neveryone said go, great, get rid of it, and so this is a good \nbipartisan issue that I think all Americans care about. \nObviously, for e-mail and Internet to continue, it has to be \nefficient, and unfortunately--and you will get all the \ntestimony here--it is becoming that you spend more time \ndeleting unwanted messages, and that is one thing personally, \nit is another thing for a business, and I will also speak \nbriefly on a few points here.\n    I know that Commissioners Swindle and Thompson will be \ntestifying, the FTC Commissioners, and I want to commend you \nall for the effort you have been making particularly enforcing \nagainst e-mail that is fraudulent or containing deceptive \ninformation. That is very important, and I commend you. The \ngoal here, as we see it, is to empower consumers or provide \nthem with a choice while preserving legitimate E-commerce \nbusiness activities that are important for the growth of our \neconomy and businesses. I do think that the costs, though, \nassociated with spam far outweigh the benefits of it.\n    This is a balance we have to strike here, and consumers--\nand I will say this as a parent--are becoming increasingly \nconcerned about the spam that is coming through to our \nchildren, not just disruptive to the family, but children, and \npeople will talk about that. I will say from personal \nexperience now, using AOL as my Internet service provider \ncompared to previous ISPs, it is much better in blocking this \nunwanted spam. You may have to click off a few ads, which you \nhave always had to do, but as far as blocking this unwanted \nspam, it is far, far better in that regard, and I know that Mr. \nLeonsis will testify on AOL\'s efforts.\n    Finally, I want to commend this legislation that Senator \nBurns and Senator Wyden have. 
I think it is a good bill pending \nbefore our Committee, Mr. Chairman, as it relates to the issue \nof state preemption, which is an important matter for Virginia, \nand we have just passed a very good law. It strikes the right \nbalance as far as enforcement and preserving certain causes of \naction as far as fraud, so I think ultimately, an approach \nwhich incorporates the good legislation like the Burns-Wyden \nlegislation, as well as effective Government enforcement, and \nlet us also couple it with technology advancements and \nsolutions, and improved business practices. We will strike that \nappropriate balance needed to empower consumers while \nmaintaining e-mail as a viable commercial communications tool, \nand I thank you, Mr. Chairman, for having this very timely, \nneeded hearing.\n    I thank all the leaders and our colleagues for their \nleadership, and look forward to reading and hearing the \ntestimony of our witnesses.\n    The Chairman. Thank you. Welcome to our colleagues, Senator \nSchumer and Senator Dayton.\n    Senator Schumer.\n\n             STATEMENT OF HON. CHARLES E. SCHUMER, \n                   U.S. SENATOR FROM NEW YORK\n\n    Senator Schumer. Thank you, Mr. Chairman. First, I want to \nthank you for holding these timely hearings and for your \nleadership on so many consumer issues. I think people who have \nproblems with all sorts of different new technological and \nother industry problems look to you as a beacon, and once \nagain, you are Johnny-on-the-spot, and we very much appreciate \nit. I also want to--I did not even--the double entendre was not \nintended.\n    [Laughter.]\n    Senator Schumer. Sometimes these things just slip out. It \nis not so bad. Worse things have been said about people.\n    In any case, I also want to thank Senators Burns and Wyden. 
\nThey have been true trailblazers and leaders on this issue, and \nI know as we try to come together on legislation that their \nproposals and their thoughts on this will help us dramatically \nin Congress solve this problem.\n    Now, it is no secret, Mr. Chairman, we are under siege. \nArmies of online marketers have overrun e-mail inboxes across \nthe country with ads for herbal remedies, get-rich-quick \nschemes, and pornography. Today\'s spam traffic is growing at a \ngeometric rate, causing the superhighway to enter a state of \nvirtual gridlock. What was a simple annoyance last year has \nbecome a major concern this year, and could cripple one of the \ngreatest inventions of the 20th Century next year if we do \nnothing.\n    As a result, Mr. Chairman, a revolution against spam is \nbrewing as the epidemic of junk e-mail exacts an ever-\nincreasing toll on families, businesses, and the economy. A \nnumber of us in the Senate have proposed legislation aimed at \ncurbing the spread of spam. I have proposed a no-spam list, \ncriminal penalties for spammers, and several other initiatives \ngeared toward reducing the number of unwanted e-mails we get in \nour inboxes, and obviously there are many other solutions out \nthere, and we know that there is no silver bullet; that not any \none solution is going to solve this problem, because as you \nmentioned, the technology--you have offensive and defensive \nwarfare, and every time a defensive warfare does some good, the \noffense uses the same technology to get ahead.\n    But there is one fact that is very encouraging, and that is \nthat 90 percent of spam, it is estimated, is caused by about \n250 users, such as the fellow they just caught in my state, in \nBuffalo. That means that legislation, while it will not \neliminate spam, can really go after the worst users. 
So can \nenforcement, and we can make a real dent and turn the tide, so \ninstead of the number of spam messages every one of us gets \ngoing up each week, it will go down and down until it is back \nto being just an annoyance.\n    So today I am going to discuss these measures, but I also \nwant to talk about one other thing, because spam grows so \nexponentially, and that is the need for an international effort \nin the war on spam to occur at the same time we seek to deal \nwith the problem here in the United States. The simple fact of \nthe matter is that so many of the problems that have come about \nin the digital age are inherently global. Spam is no exception.\n    Spam is truly an international issue, because the Internet \nis a global resource, and stemming the rising tide of spam is \nessential if the Internet is to continue to be an effective \nmedium of communication and commerce. It would not do us much \ngood if we went after the spammers here in the United States \nand they set up shop in another country and just did the same \nthing.\n    Other countries are beginning to deal with spam, Korea and \nAustralia among them. Their governments are considering anti-\nspam measures, and collaboration with these and other Nations \nis crucial if the U.S. is to be effective, so that is why today \nI am proposing an international agreement, a treaty to fight \nspam. A global agreement will ensure that anti-spam standards \nprotecting American computers are enforceable both here and \nabroad.\n    An international agreement will become more important as \nnew regulations and law enforcement efforts in the U.S. cause \nthe most prolific spammers to flee to other countries. We know \nthat is what they do. We have experience with money laundering, \ndigital piracy, child pornography. 
We know that as soon as we \ntighten up our laws here and institute vigorous enforcement, \nthose who want to violate our laws move abroad to avoid \nprosecution.\n    The bottom line is that the second we tighten up \nenforcement here at home, rogue actors go overseas to continue \ntheir activities. If we are just focused on curbing spam here \nat home, we will be unsuccessful, but that does not mean we \nshould sit on our hands until we get our fellow countries on \nboard with these efforts. There is a lot of work that needs to \nbe done here, and that is why so many interested parties, \nincluding the Direct Marketing Association, have come around to \nthe view that the Federal Government can play a meaningful role \nin stopping spam. They know that effective anti-spam \nlegislation makes it more likely that consumers will read \nlegitimate marketing messages.\n    We also have the problem of pornography, which is really a \nserious one. Let me illustrate this point with a story. My wife \nand I have two wonderful children, one of whom is just about to \ncomplete her first year at college, and the other, a 14-year-\nold girl, Alison, is an absolute whiz on the Internet. She \nspends far more time on the Internet than she does watching \ntelevision, which until recently we thought was great, \nconsidering what is on television.\n    Well, as parents we do our best to make sure the Internet \nis a positive experience for her, a device to help her with her \nschool work, learn about events taking place around the world, \nmaybe even a way to order the latest N Sync CD. You can imagine \nmy wife\'s and my anger and dismay when we discovered that not \nonly was she a victim of spam, but like all e-mail users, much \nof the junk mail she was receiving advertised pornographic \nwebsites, things I would not want to see, let alone have my \nchild see. 
That is another reason that we have to move, and we \nhave to move quickly.\n    So let me just discuss the solution that I have proposed. \nCriminal penalties, and we really need stiff jail time for \nrepeat offenders. We can warn them once, fine them \nsignificantly second, but if they keep doing this, we should \ngive them jail time, and I am working with my colleagues on the \nJudiciary Committee. We will have to work in concert with the \nCommerce Committee, which has primary jurisdiction, in terms of \ncriminal penalties. We can hunt down the spammers one by one \nusing these penalties, and again, because so much of spam is \ncaused by so few people, it should make a real difference.\n    Another idea I have offered is the national no-spam \nregistry. A list maintained by the FTC would be a gigantic \ndatabase of people who can call in or e-mail in and opt out of \nreceiving unwanted spam by submitting their mail addresses to \nthe list. The list is modeled on the highly successful do-not-\ncall registries that have been used to ward off telemarketers. \nIt has been very successful in telemarketing. Admittedly, it is \na little harder with spam, because it is a lot cheaper than \nhaving somebody make a phone call, but again, given the small \nnumber of people who do this, it can make a real and dramatic \ndifference.\n    Although a similar list for e-mail addresses poses security \nchallenges that must be addressed before implementation, I am \nhopeful that this list, in conjunction with ADV labeling, \nsafeguards for those who employ best practices, might be one \nway we can give consumers control over their inboxes.\n    In conclusion, Mr. Chairman, this is a very important \nissue. 
The technology which has blessed our lives and accounted \nfor so much of the prosperity we have seen in the last two \ndecades is at risk, a very real part of it, and I am glad that \nyou are Chairman of this Committee and look forward to working \nwith you, Senator Burns, and Senator Wyden to come up with a \ngood, strong, comprehensive bill. At the same time, I hope we \ncan all work together to get our country to start talking to \nother countries about a treaty, so when we solve things here, \nthey do not just go right overseas and we have to start all \nover again.\n    Thank you, Mr. Chairman.\n    [The prepared statement of Senator Schumer follows:]\n\n            Prepared Statement of Hon. Charles E. Schumer, \n                       U.S. Senator from New York\n    Chairman McCain, Senator Hollings, Colleagues, Good morning.\n    Mr. Chairman, I want to thank you for holding this hearing to \naddress Unsolicited Commercial e-Mail or spam. I also want to commend \nSenators Burns and Wyden for their leadership and hard work on this \nissue.\n    I believe we are under siege. Armies of online marketers have \noverrun e-mail inboxes across the country with advertisements for \nherbal remedies, get-rich-quick schemes and pornography.\n    As you are all aware, spam traffic is growing at a geometric rate, \ncausing the Superhighway to enter a state of virtual gridlock.\n    What was a simple annoyance last year has become a major concern \nthis year and could cripple one of the greatest inventions of the 20th \ncentury next year if nothing is done.\n    Way back in 1999, the average e-mail user received just 40 pieces \nof unsolicited commercial e-mail--what we call spam--each year. This \nyear, the number is expected to pass 2,500. 
I know that I\'m lucky if I \ndon\'t get 40 pieces of spam every couple of days!\n    As a result, a revolution against spam is brewing as the epidemic \nof junk e-mail exacts an ever increasing toll on families, businesses \nand the economy.\n    Let me illustrate this point with a story. My wife and I have two \nwonderful children, one of whom is just about to complete her first \nyear at college. The other, a 14 year-old girl, is an absolute whiz on \nthe Internet who loves sending and receiving e-mail.\n    As parents, we do our best to make sure she has good values and \nthat the Internet is a positive experience for her--a device to help \nher with her schoolwork or learn about events taking place around the \nworld and, maybe even a way to order the latest N Sync CD.\n    You can imagine my anger and dismay when I discovered that not only \nwas she a victim of spam like myself, but, like all e-mail users, much \nof the junk e-mail she was receiving advertised pornographic websites.\n    I was and remain virtually powerless to prevent such garbage from \nreaching my daughter\'s inbox.\n    The frustration I feel in the battle against spam is one that I \nthink business owners and Internet Service Providers across the nation \ncan identify with.\n    According to Ferris Research, spam costs businesses in the United \nStates $10 billion each year in lost productivity, consumption of \nInformation Technology resources and help-desk time.\n    With surveys showing that over 40 percent of e-mail traffic \nqualifies as spam, ISPs spend millions of dollars each year on \nresearch, filtering software and new servers to deal with the ever \nexpanding volume of junk e-mail being sent through their pipes.\n    And, if the spam itself isn\'t enough, spammers often engage in \ncrimes such as identity theft and fraud to secure e-mail addresses and \ndomain names from which to send millions of pieces of junk e-mail.\n    All of this demonstrates that it\'s time to take 
back the Internet \nfrom the spammers. And why I am joining you today in saying that enough \nis enough.\n    We all know that spammers use a variety of tools and methods to \nsend millions of e-mail messages each day. In order to be effective, I \nbelieve spam solutions will have to be as creative and varied as the \nspammers\' efforts.\n    We should give law enforcement officials, ISPs and others a wide \nvariety of tools to fight spam.\n    Among the possible solutions that exist--and this is not an \nexhaustive list--are pending legislation in the Senate and the House \nthat would enact anti-e-mail harvesting provisions and special e-mail \nlabeling requirements; stipulate valid unsubscribe features; and \nprohibit false and fraudulent header, router and subject line \ninformation.\n    And that\'s just a start. As I said before, because of the dramatic \nchallenges we face in stemming the spam flood, we need a multi-pronged \napproach.\n    In particular, I believe stiff criminal penalties--including jail \ntime for repeat offenders--are warranted. I am working with my \ncolleagues on the Judiciary Committee on a bill to create these new \npenalties.\n    We will hunt down spammers one by one, using criminal penalties to \nshow what will happen to those who continue to send junk e-mail.\n    Another idea I have offered is a National No-Spam Registry. This \nlist, maintained by the Federal Trade Commission, would be a gigantic \ndatabase of people who have ``opted out\'\' of receiving spam by \nsubmitting their e-mail addresses to the list.\n    The list is modeled on the highly successful Do-Not-Call registries \nthat have been used to ward off telemarketers.\n    Although a similar list for e-mail addresses poses security \nchallenges that must be addressed before implementation, I am hopeful \nthat this list might be one way we can give consumers control over \ntheir in-boxes.\n    None of these solutions will be the silver bullet that stops all \nspam. 
But a multi-faceted approach has a better chance of reducing the \never-growing amount of spam than a solitary solution.\n    And stemming this rising tide is essential if the Internet is to \ncontinue to be an effective medium of communication and commerce.\n    If spam continues to grow, people will rely on their e-mail less \nand less. Right now, consumers are becoming so frustrated at the junk \ne-mail bombardment that they delete legitimate commercial e-mail as if \nit were spam.\n    This is why so many interested parties, including the Direct \nMarketing Association, have come around to the view that the Federal \nGovernment can play a meaningful role in stopping spam.\n    They know that effective Federal anti-spam legislation will make it \nmore likely that consumers will read legitimate marketing messages.\n    I think we can all agree that spammers must not be allowed to bog \ndown the vast potential of e-mail and the Internet.\n    It is my hope that the impressive roster of panelists you have \nassembled here today will stimulate ideas to stop spammers in their \ntracks. I look forward to hearing their testimony and working with all \nof you to bring an end to the current junk e-mail epidemic.\n\n    The Chairman. Thank you very much, Mr. Schumer. Thank you \nfor coming.\n    Senator Dayton.\n\n                STATEMENT OF HON. MARK DAYTON, \n                  U.S. SENATOR FROM MINNESOTA\n\n    Senator Dayton. Thank you, Mr. Chairman. I thank you for \nthe opportunity to testify before you this morning, and I \ncommend you for your leadership in this whole area, and I \ncertainly commend Senators Burns and Wyden also for their \nleadership and the legislation that they have introduced.\n    I want to just at the outset, on behalf of the state of \nMinnesota and the good Minnesota Company, Hormel, voice an \nobjection to the use of the word, ``spam\'\' to characterize all \nof this activity. 
You know that spam was, for a half-century, \nthe bane of existence of servicemen and women and others, and \nit came to define a certain low point in some people\'s view of \nthings, but I think it has actually gotten much lower if that \nis the case.\n    Senator Burns and I had the opportunity--I ate over in \nSouth Korea at the DMZ--to eat my third MRE, and I must say, \nSpam at any temperature is a lot better than the MRE that I \nate----\n    [Laughter.]\n    Senator Dayton.--however automatically warmed in its pouch, \nand now we have this form of spam, which is, you know, very, \nvery different from the Hormel version. For one, with Hormel, \nyou get to choose whether or not you want it. Second, it is not \nforced down anyone\'s throat.\n    [Laughter.]\n    Senator Dayton. The source is clearly identified, and the \ncontents, too. You can ask Hormel what they put in their Spam, \nand they will just tell you right up front it is everything but \nthe kitchen sink.\n    [Laughter.]\n    Senator Dayton. And in what proportions, and what--it is \nleft to your imagination, but my anti-spam proposals are \nincorporated in the legislation I have introduced as 563, which \nis the Consumer/Owner\'s Bill of Rights, and it is broader than \njust the anti-spam, but I will focus on that point alone this \nmorning, and it is a starting point, not an end product at all, \nand I recognize going into this that the great appeal of the \nInternet is that it has been unregulated and it has been free.\n    I have met many who have enjoyed it that way and used it \nthat way and want to keep it that way, but unfortunately, \nindividual freedom becomes, in a larger and ever-larger social \nsystem, a form of anarchy. In that process comes a form of \nDarwinism, where everyone is on his or her own. 
The strongest, \nthe smartest, the most aggressive tend to take over and \ndominate, and that is the situation with spam today.\n    There are 31 billion messages being transmitted through \ncyberspace today, each day. That is an estimate, but it is \nenormous and ever-expanding, and these 31 billion messages are \ntransmitted freely and free. They are unregulated, they are \nunrestricted, and they are largely unwatched, and everyone who \nis involved in that system must individually then protect \nthemselves; the individuals, businesses, and the like, which is \ngreat for the software industry, who has not created this \nproblem, but has tried to help deal with it.\n    There are all sorts of software that you can buy to prevent \nspam and pop-ups and ads and all sorts of things, which range \nfrom nuisances at best, but then increasingly, invasions of \npeople\'s lives, spies, identity theft, credit card theft, and \nspam also becomes a carrier of viruses, worms, trojan horses, \nwhich are even more destructive and costly to individuals and \nto businesses.\n    McAfee\'s anti-virus unit estimates that there are 62,000 \nvirus threats today, and these numbers that I am throwing out \nare ones that other sources would have quite different, which \nis part of the function of the expansion of this, and rapidly \ngrowing aspect of this whole realm, is that I have seen numbers \nthat deviate quite a bit from one another, but one virus alone, \nthe Code Red worm in the year 2001 was estimated by Computer \nEconomics, an independent research firm, to have a worldwide \ncost of $2.62 billion, one virus, and it is expanding, and some \nwould say it is even exploding. Senator Schumer referenced \nHoward Carmack, who was recently arrested. It is estimated that \nhe issued himself 825 million pieces of spam last year, one \nindividual in 1 year.\n    Write Mail, the spam blocker firm, estimates, and others \nhave said, some 40 percent of all Internet e-mail today is \nspam. 
I have seen figures that estimate that percentage is \nhigher, but the percent share of the e-mail is increasing, I \nthink everyone would agree. Legislation will not solve this, as \nothers have said, but the situation will not improve without \nlegislation. In fact, it will get worse, and I think this is a \ncase where the perfect becomes the enemy of the good. This is \ngoing to be a moving target. It is going to be ongoing. It is \nsort of going to be like the Mad Magazine Spy v. Spy, where \nthey will be ever-dueling, one escalating and outsmarting and \noutwitting the other, and the other needing to respond.\n    So whatever we design has to be flexible, the process must \nbe nimble, and it has to be dynamic. It has to keep up with \nthese ever-new developments, and so I would recommend something \nalong the lines of what Robert Kennedy said up in the \nDepartment of Justice years ago, the Anti-Organized Crime Task \nForce, a SWAT team, a team that would drive this effort, carry \nout congressional mandates, and would interact with industry, \nwith users, with leaders in Congress, but we have to have \nsomething that is as dynamic as the industry itself, and as \ninventive as the spam producers themselves.\n    My own legislation suggests a national registry, where \npeople can opt out one time. Another is to make every e-mail \nsent to someone in the United States be identified as to its \nsource, and finally, I think it is worth looking at--I am not \nprepared to propose this now, but some very, very small charge \nto every e-mail that is sent, so small that it would not be \nonerous for an individual or a business that has regular use, \nbut it would add up and be a financial deterrent for those who \nare sending millions and even billions of these e-mails all \nover the world.\n    Thank you, Mr. Chairman.\n    The Chairman. Thank you very much, Mr. Dayton. Senator \nNelson has an opening comment, and we will leave and go vote \nand come right back. 
As soon as you finish, we will take a \nquick break.\n\n                STATEMENT OF HON. BILL NELSON, \n                   U.S. SENATOR FROM FLORIDA\n\n    Senator Nelson. And it will be short, Mr. Chairman. I just \nwant to throw on the table another approach, and the approach \nwould be to have an opt-out provision----\n    If all of you leave, that means I am chairing the \nCommittee.\n    [Laughter.]\n    Senator Nelson. We will take up the Nelson bill right now.\n    [Laughter.]\n    Senator Nelson. The approach is virtually along the same \nlines. It would be more, instead of the implied consent that \nSenator Wyden\'s bill indicates, there would be more of a \nconsumer protection. The message would have to have an opt-out \nprovision where the consumer could say, I do not want any more \nof this, and if we are really going to put teeth into this, \nthat this violation, both criminal penalty with jail time and/\nor fines, would be the first element showing the conspiracy or \ncontinuum of activities that would activate the RICO Act, which \nis the Racketeer Influenced and Corrupt Organization Act, which \nthen gives prosecutors the tools to go after the criminal \nenterprise and to confiscate the assets.\n    Now, that is starting to put some bite into the \nlegislation, and so I want to offer that, and that will be a \npart of the discussion as we get in and tinker with this \nlegislation, trying to fit and design a solution so that \nconsumers can start using their e-mail. I mean, it is just \nunbelievable.\n    A week ago, I was in my Tampa office. The press had come \nin. We were just going to shoot the breeze, and I happened to \npunch up on the computer to see what messages were there. In 1 \nday, I had a normal letter-size piece of paper, single-spaced, \nfull of unwanted e-mail messages, two of which were \npornographic. 
Now, if that is happening to a United States \nSenator, you can imagine what is happening to our citizens all \nacross the country, and they do not want this, and it is time \nfor the Government to do something to stop it.\n    Another interesting change is that the major network \nproviders in the past have been quite skittish about any kind \nof interference with this new form of communication, but they \nhave come around now because we are starting to see that there \nis so much of an interference with the normal communication \nlines that the Government is going to have to step in and do \nsomething about this, perhaps with the FTC, but also very \nlikely with legislation.\n    And I will just close my comments and dash off to vote, to \nsay this. Since I had that conversation in my Tampa office, the \nmedia wrote about it, and that has been in Florida, and I will \ntell you, everywhere I have gone in Florida since, people keep \ncoming up to me and saying, thank you for being willing to do \nsomething about this, because it has gotten to the point that \nwe are fed up and we have had enough, so I hope that we will do \nsomething about it.\n    The Committee will stand in recess.\n    [Recess.]\n    The Chairman. We will resume the hearing. The witnesses in \nthe first panel are Hon. Orson Swindle of the Federal Trade \nCommission and Hon. Mozelle Thompson, also with the Federal \nTrade Commission. Welcome, gentlemen. Since one of you has \nwhite hair and one of you has no hair, we will begin with the \nwhite-haired Mr. Swindle.\n    [Laughter.]\n    Mr. Thompson. I am just follically challenged.\n    [Laughter.]\n    Mr. Swindle. I would win if we did this on looks, too.\n    [Laughter.]\n    The Chairman. Mr. Thompson.\n    [Laughter.]\n\n STATEMENT OF HON. ORSON SWINDLE, COMMISSIONER, FEDERAL TRADE \n                           COMMISSION\n\n    Mr. Swindle. Thank you, Mr. 
Chairman and Members of the \nCommittee, for this timely discussion of spam and the threat it \nposes to potential benefits of information technology. \nConsumers must have trust and confidence and comfort with \ntechnology and its uses, particularly when it comes to their \nprivacy and security of personal and sensitive information. \nSpam undermines consumer trust and confidence. It represents a \nsignificant and rapidly growing threat to web-based services. \nThe Commission\'s prepared testimony provides the Committee with \nan excellent overview of our efforts to combat spam.\n    What is spam? We have heard it discussed several times this \nmorning. The FTC defines spam as any commercial electronic mail \nmessage that is sent, typically in bulk, to consumers without \nthe consumers\' prior request or consent. I think the Chairman\'s \nterm, unwanted, may be perfect.\n    There are at least four major concerns caused by spam. \nFirst, the volume is increasing at astonishing rates. Current \nestimates indicate that at least 40 percent of all e-mail is \nspam. Second, recent studies by the FTC indicate that spam has \nbecome the weapon of choice of those engaged in fraud and \ndeception. Nearly 66 percent of the spam we examined appeared \nto contain falsity and deception. I would ask that our False \nClaims in Spam Report be included as part of the record, Mr. \nChairman.\n    The Chairman. 
Without objection.\n    [The information referred to follows:]\n\n    <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n    \n\n    Mr. Swindle. Third, the sheer volume of spam, coupled with \nits capacity to transmit viruses, trojan horses and other \ndamaging code, threatens to do major damage to the Internet and \nour critical infrastructure.\n    Fourth, there is no easy solution. No one silver bullet \nthat will solve the problem. Solutions must be pursued from \nmany directions. These concerns represent enormous cost to \nbusinesses, the economy, consumers, and society.\n    Two specific problems demand attention by policymakers and \nindustry leaders. First, there is the complex combination of \ntechnology, market forces, and public policy that will be \nevolving for years to come. The second problem is one that I \ncharacterize as being heavily influenced by the emotions of \nconsumers, small businesses, and home users by the millions who \nare literally fed up with spam. I am concerned that spam is \nabout to kill the killer app of the Internet, specifically \nconsumer use of e-mail and E-commerce. 
If consumers lose \nconfidence in web-based services and turn away, tremendous harm \nwill be done to the economic potential of information \ntechnology. Solving these problems will require innovation, \nresources, and time.\n    However, dealing with the emotional reaction to spam by \nmillions of users will demand immediate attention before it \ngets out of hand. Internet service providers, software \nmanufacturers, and those engaged in designing operating systems \nmust empower consumers with better control over their incoming \ne-mail. Easing the spam burden on consumers would help to shore \nup trust and confidence.\n    Surely consumer empowerment is possible today. Why has \nindustry not solved this problem? Frankly, to date I am not \nconvinced that industry has made the commitment or really wants \nto empower consumers by giving them easy-to-use tools for \npersonal control.\n    I read a book last summer, Tuxedo Park, by Jennet Conant, a \nfascinating account of Alfred Loomis, a wealthy financier from \nthe 1920s. He funded a private research laboratory at his \nTuxedo Park estate, attracting the greatest scientists of the \nday. They were instrumental in the rapid development of radar, \nwhich enabled us to keep the supply lines open to England in \nearly World War II. Wartime crisis demanded that creative minds \nquickly find technical solutions to complex problems. Loomis \nand his friends were up to the task. It occurs to me that we \nhave a crisis today. We must avoid major setbacks to the \npotential of information technology. We need great minds to \nquickly find solutions to spam. Empowering consumers would be a \ngood first step. Is industry motivated to do the right thing, \nand do it now?\n    The FTC\'s law enforcement efforts against spam are \naggressive, but finding the guilty parties is resource-\nintensive and a difficult technical challenge. We give consumer \neducation high priority at the commission. 
Our information \nsecurity website and private sector partnerships continue to \nexpand our reach. Recently, we released findings from three \nstudies to better understand the magnitude of the spam problem, \nhow spam is proliferated, and how consumers and users are \nvictimized.\n    Our recent 3-day spam forum aimed to better inform the \ndialogue and find the best possible solutions to the spam \nproblem. The forum was remarkable in its discussions and \nparticipation, over 400 participants and some 80 or so \npanelists. I would like to share some of the forum\'s \nrevelations, as well as some personal observations about the \nrealities of spam. First and foremost, the private sector must \nlead the way to finding the solution. We likely will not find \nthe perfect solution. The target will be constantly moving as \ntechnology evolves. More laws are not necessarily the right \nanswer.\n    I heard little universal enthusiasm from participants for \ncurrently proposed legislation. Laws bestowing competitive \nadvantage to larger firms over smaller firms are questionable. \nUnenforceable laws will have little real effect. Overreaching \nlaws will have unintended adverse consequences. Passing \nlegislation to mandate best practices for the good actors will \nnot help us track down the bad actors engaged in fraud and \ndeception. We must work together.\n    Consumers, users, and civil society organizations must be a \npart of our continuing dialogue to find solutions. Awareness \nand safe computing practices by all participants are essential, \nand developing a culture of security where all participants \nwork to minimize our many vulnerabilities is an imperative, not \nan alternative. Our efforts to solve the spam problem and \nsecure our information systems and networks is not a \ndestination. We are embarked upon a journey.\n    I thank you, Mr. Chairman.\n    [The prepared statement of Mr. Swindle follows:]\n\n        Prepared Statement of Hon. 
Orson Swindle, Commissioner, \n                        Federal Trade Commission\n    Thank you Mr. Chairman and members of the Committee for this timely \ndiscussion of SPAM and the threat it poses to the potential benefits of \ninformation technology.\n    Consumers must have trust, confidence and comfort with technology \nand its uses, particularly when it comes to their privacy and the \nsecurity of personal and sensitive information.\n    SPAM undermines consumer trust and confidence. It represents a \nsignificant and rapidly growing threat to web-based services. The \nCommission\'s prepared testimony provides the Committee with an \nexcellent overview of our efforts to combat SPAM.\n    What is SPAM? The FTC defines unwanted and unsolicited SPAM as \n``any commercial electronic mail message that is sent--typically in \nbulk--to consumers without the consumers\' prior request or consent.\'\'\n    There are at least four major concerns caused by SPAM.\n    First, the volume is increasing at astonishing rates; current \nestimates indicate at least 40 percent of all e-mail is SPAM.\n    Second, recent studies by the FTC indicate that SPAM has become the \nweapon of choice of those engaged in fraud and deception. Nearly 66 \npercent of the SPAM we examined appeared to contain falsity and \ndeception. I would ask our False Claims in Spam report be included as \npart of the record.\n    Third, the sheer volume of SPAM--coupled with its capacity to \ntransmit viruses, trojan horses, and other damaging code--threatens to \ndo major damage to the Internet and our critical infrastructure and the \nInternet.\n    Fourth, there is no easy solution--no one silver bullet that will \nsolve the problem. Solutions must be pursued from many directions.\n    These concerns represent enormous costs to businesses, the economy, \nconsumers and society.\n    Two specific problems demand attention by policy makers and \nindustry leaders. 
First, there is the complex combination of \ntechnology, market forces and public policy that will be evolving for \nyears to come. The second problem is one that I characterize as heavily \ninfluenced by the emotions of consumers, small businesses and home \nusers by the millions who are literally fed up with SPAM.\n    I am concerned that SPAM is about to kill the ``killer app\'\' of the \nInternet--specifically--consumer use of e-mail and e-commerce. If \nconsumers lose confidence in web-based services and turn away, \ntremendous harm will be done to the economic potential of information \ntechnology.\n    Solving these problems will require innovation, resources and time. \nHowever, dealing with the emotional reaction to SPAM by millions of \nusers, demands immediate attention before it gets out of hand.\n    Internet service providers, software manufacturers, and those \nengaged in designing operating systems must empower consumers with \nbetter control over their incoming e-mail. Easing the SPAM burden on \nconsumers would help to shore up trust and confidence. Surely, consumer \nempowerment is possible today. Why has industry not solved this \nproblem?\n    Frankly, to date, I am not convinced that industry has made the \ncommitment or really wants to empower consumers by giving them easy-to-\nuse tools for personal control.\n    I read a book last summer, Tuxedo Park, by Jennet Conant--a \nfascinating account of Alfred Loomis, wealthy financier from the 1920s. \nHe funded a private research laboratory at his Tuxedo Park estate, \nattracting the great scientists of his day. They were instrumental in \nthe accelerated development of radar which enabled us to keep supply \nlines open to England early in WWII. War time crisis demanded that \ncreative minds quickly find technical solutions to complex problems. 
\nLoomis and friends were up to the task.\n    It occurs to me that we have a crisis today--we must avoid major \nsetbacks to the potential of information technology. We need great \nminds to quickly find solutions to SPAM. Empowering consumers would be \na good first step. Is industry motivated to do the right thing and do \nit now?\n    The FTC\'s law enforcement efforts against SPAM are intensifying, but \nfinding the guilty parties is resource intensive and a difficult \ntechnical challenge.\n    We give consumer education high priority at the Commission. Our \ninformation Security website and private sector partnerships continue \nto expand our reach.\n    Recently, we released findings from three studies to better \nunderstand the magnitude of the SPAM problem, how SPAM is proliferated, \nand how consumers and users are victimized.\n    Our recent three-day SPAM Forum aimed to better inform the dialogue \nand find the best possible solutions to the SPAM problem. The Forum was \nremarkable in its discussions and participation--over 400 participants \nand 80 panelists.\n    I would like to share some of the Forum\'s revelations--as well as \nsome personal observations--about the realities of SPAM.\n    First and most essential--the private sector must lead the way!\n    We likely will not find the perfect solution. The target will be \nconstantly moving as technology evolves.\n    More laws are not necessarily the right answer.\n    I heard little universal enthusiasm from participants for currently \nproposed legislation.\n    Laws bestowing competitive advantage to larger firms over smaller \ncompetitors are questionable.\n    Unenforceable laws will have little real effect: Overreaching laws \nwill have unintended adverse consequences.\n    Passing legislation to mandate best practices for ``good actors\'\' \nwill not help us track down the ``bad actors\'\' engaged in fraud and \ndeception.\n    We must work together. 
Consumers, users, and civil society \norganizations also must be a part of our continuing dialogue to find \nsolutions.\n    Awareness and safe computing practices by all participants are \nessential.\n    Developing a culture of security where all participants work to \nminimize our many vulnerabilities is an imperative, not an alternative.\n    Our efforts to solve the SPAM problem and secure our information \nsystems and networks is not a destination--we are embarked upon a \njourney!\n    Thank you, Mr. Chairman.\n\n    The Chairman. Thank you.\n    Commissioner Thompson, welcome.\n\n STATEMENT OF HON. MOZELLE W. THOMPSON, COMMISSIONER, FEDERAL \n                        TRADE COMMISSION\n\n    Mr. Thompson. Thank you, Mr. Chairman. I thank you for this \nopportunity to appear before you today and talk about the issue \nof spam, bulk unsolicited commercial e-mail. At the outset, I \nwould like to praise this Committee and its Members for holding \nthis hearing and the work that it has done over the years to \nfocus attention on this important subject. Spam is a complex \nissue that resonates with consumers, businesses, and \nGovernments alike. The FTC, along with Members of this \nCommittee, have been interested in this issue for a long time.\n    In 2001, the Committee asked this Commission\'s views on the \nCAN-SPAM Act, S. 630, sponsored by Senators Burns and Wyden. At \nthat time, we unanimously supported the bill, stating the \nCommission generally favors the underlying goal of the \nlegislation, and as set forth in our written testimony \nsubmitted today, the FTC has already brought over 50 cases \nagainst deceptive and fraudulent spam. While these cases are \nimportant, they focus on only one aspect, fraud and deception, \nof what has grown to be a much larger problem. For this reason, \n3 weeks ago, the Commission held a 3-day workshop to get a \nbetter insight on the problem of spam.\n    My observation is that it was a unique event. 
It was a \nunique week. It is not every day that an FTC workshop draws \nover 400 attendees for 3 days to pose questions to 87 panelists \nrepresenting a wide perspective on one issue. At the same time, \nthree of America\'s largest ISPs announced a voluntary business \ninitiative and three new legislative proposals were introduced, \nand there have been more since then.\n    In addition, representatives from numerous countries, \nincluding Australia, Canada, Japan, and the European Union, \nalso attended and participated in those discussions. We are \njust beginning to digest all of this information, so we have \nnot reached conclusions about how this information may affect \nour views, but like Commissioner Swindle, I would like to share \nat least some of my observations.\n    One key lesson we learned from our spam workshop is the \nscope of the spam problem appears to have changed \nsignificantly. It is no longer simply a matter of consumer \nannoyance at receiving unwanted e-mail. We have some very \nsignificant problems. First, that through fraud and deception \nacross international borders, there is an undermining of \nconsumer confidence, as shown by this chart here, that how much \nof the spam has falsity in its face.\n    Second, that it threatens business, because the volume of \ne-mail places a choke-hold on E-commerce. It was the first time \nI had actually heard a large group of witnesses claim that spam \nconstitutes a threat to the future of the Internet, and you can \njust see from this chart the growth from 8 percent to 45 \npercent this year, and projected to 2007, that it could \nconstitute up to 70 percent of e-mail.\n    Finally, we heard a lot about areas that Commissioner \nSwindle has worked in, talking about security issues, including \nspam used to spread viruses, and the very disruption of service \ncaused by volume that could impact the activities of consumers, \nbusinesses, and Governments on the Internet. 
What that tells me \nis that the problem of spam has become broader. It has evolved, \nand the scope of possible solutions may also have to expand. \nClearly, strong law enforcement is an important part of this.\n    To address fraud and deception, we also have to work with \nother countries\' law enforcers for cross-border actions, and I \nknow the Committee is aware that the FTC has submitted some \nlegislative proposals this year to enable us to have better \ntools to work cooperatively with other governments to root out \nfraud and deception, but there also has to be a business \nanswer, with business initiatives and best practices that \ndistinguishes good actors from bad, and we also want to ensure \nthat there continues to be incentives to develop technological \ntools that provide consumers with means to address and manage \ntheir e-mail. Finally, there has to be strong consumer and \nbusiness education to enable consumers to make better choices, \nand to protect themselves.\n    The interesting challenge for all of this is, all of it has \nto take place within a backdrop, or an umbrella that \naccommodates a desire for a timely solution, one that has \nongoing flexibility, because, as was alluded to earlier, there \nare very clever people out there, and we have to have a \nmechanism to be as clever as they are, and finally, First \nAmendment concerns, because the Supreme Court, we know, is now \nconsidering what are the boundaries of commercial speech.\n    Now, I would like to conclude by saying that, to recognize \nthe importance of what this Committee does and how we respond \nto spam, that as you all are aware, I spend also a lot of time \ninternationally as Chair of the OECD Consumer Policy Committee, \nwhere we are talking about this issue and how to address it \ninternationally. 
We are also talking about how to address this \nbilaterally.\n    I can tell you that, although other countries have looked \nat legislation, some have passed it, they have tried various \nenforcement tools, around the world people are looking to the \nUnited States for leadership on how we address this problem, \nhow we can provide consumers with a good experience, how we can \nmake this tool useful to businesses and consumers alike and \nstill provide a free flow of information. It is an interesting \nchallenge for us, but I am sure it is one the Committee is \nwell-equipped to meet.\n    Thank you.\n    [The prepared statement of Mr. Thompson follows:]\n\n           Prepared Statement of the Federal Trade Commission\n    Mr. Chairman, the Federal Trade Commission appreciates this \nopportunity to provide information to the Committee on the FTC\'s \nefforts to address the problems that result from bulk unsolicited \ncommercial e-mail. This statement discusses the Commission\'s law \nenforcement efforts against spam, describes our efforts to educate \nconsumers and businesses about the problem of spam, and focuses \nparticularly on the Commission\'s recent Spam Forum and several studies \non the subject that the Commission\'s staff has undertaken in recent \nmonths.\\1\\\n---------------------------------------------------------------------------\n    \\1\\ The views expressed in this statement represent the views of \nthe Commission. Commissioners\' oral statements and responses to any \nquestions you may have represent their own views, and not necessarily \nthe views of the Commission or any other Commissioner.\n---------------------------------------------------------------------------\n    As the Federal Government\'s principal consumer protection agency, \nthe FTC\'s mission is to promote the efficient functioning of the \nmarketplace by acting against unfair or deceptive acts or practices and \nincreasing consumer choice by promoting vigorous competition. 
To \nfulfill this mission, the Commission enforces the Federal Trade \nCommission Act, which prohibits unfair methods of competition and \nunfair or deceptive acts or practices in or affecting commerce.\\2\\ \nCommerce on the Internet, including unsolicited commercial e-mail, \nfalls within the scope of this statutory mandate.\n---------------------------------------------------------------------------\n    \\2\\ The FTC has limited or no jurisdiction over specified types of \nentities and activities. These include banks, savings associations, and \nFederal credit unions; regulated common carriers; air carriers; non-\nretail sales of livestock and meat products under the Packers and \nStockyards Act; certain activities of nonprofit corporations; and the \nbusiness of insurance. See, e.g., 15 U.S.C. Sec. Sec. 44, 45, 46 (FTC \nAct); 15 U.S.C. Sec. 21 (Clayton Act); 7 U.S.C. Sec. 227 (Packers and \nStockyards Act); 15 U.S.C. Sec. Sec. 1011 et seq. (McCarran-Ferguson \nAct).\n---------------------------------------------------------------------------\n    Unsolicited commercial e-mail (``UCE\'\' or ``spam\'\') is any \ncommercial electronic mail message that is sent--typically in bulk--to \nconsumers without the consumers\' prior request or consent. The extreme \nspeed, anonymity and negligible cost of sending spam differentiate it \nfrom other forms of unsolicited marketing, such as direct mail or \ntelemarketing. Those marketing techniques, unlike spam, impose costs on \nmarketers that limit their use.\n    There are two basic problems with spam. First, deception and fraud \nappear to characterize the vast majority of spam. Indeed, spam appears \nto be the vehicle of choice for many fraudulent and deceptive \nmarketers. Second, a serious Internet infrastructure problem flows from \nthe sheer volume of spam that is now being sent. 
Spam, even if not \ndeceptive, may lead to significant disruptions and inefficiencies in \nInternet services, and may constitute a significant problem for \nconsumers and businesses using the Internet. In addition, spam can \nspread viruses that wreak havoc for computer users. These problems \ntogether pose a threat to consumers\' confidence in the Internet as a \nmedium for electronic commerce.\n    Virtually all of the panelists at the Commission\'s recent Spam \nForum, described in more detail below, opined that the volume of \nunsolicited e-mail is increasing exponentially and that we are at a \n``tipping point,\'\' requiring some action to avert deep erosion of \npublic confidence in e-mail that could hinder, or even destroy, it as a \ntool for communication and online commerce. In other words, as some \nhave expressed it, spam is ``killing the killer ap.\'\' The consensus of \nall participants in the workshop was that a solution to the spam \nproblem is critically important, but cannot be found overnight. There \nis no quick or simple ``silver bullet.\'\' Rather, solutions must be \npursued from many directions--technological, legal, and consumer \naction. The Forum helped to suggest paths to follow toward solutions to \nthe spam problems. These solutions will depend on cooperative efforts \nbetween government and the private sector. In fact, the Forum is only \nthe most recent example of the FTC\'s role as convener, facilitator, and \ncatalyst to encourage that activity. 
But the Commission also plays \nanother important role--that of law enforcer.\n    The Commission has pursued a vigorous law enforcement program \nagainst deceptive spam, and to date has brought 53 cases in which spam \nwas an integral element of the alleged overall deceptive or unfair \npractice.\\3\\ Most of those cases focused on the deceptive content of \nthe spam message, alleging that the various defendants violated Section \n5 of the FTC Act through misrepresentations in the body of the \nmessage.\\4\\ More recently, the Commission has expanded the scope of its \nallegations to encompass not just the content of the spam but also the \nmanner in which the spam is sent. Thus, FTC v. G. M. Funding,\\5\\ and \nF.T.C. v. Brian Westby \\6\\ allege (1) that e-mail ``spoofing\'\' is an \nunfair practice,\\7\\ and (2) that failure to honor a ``remove me\'\' \nrepresentation is a deceptive practice. In these cases, the defendants\' \ne-mail removal mechanisms did not work and consumers\' e-mailed attempts \nto remove themselves from defendants\' distribution lists were returned \nas undeliverable.\n---------------------------------------------------------------------------\n    \\3\\ A summary listing of these cases is attached as Appendix A.\n    \\4\\ E.g., FTC v. 30 Minute Mortgage, Inc., No. 03-60021 (S.D. Fla. \nfiled Jan. 9, 2003).\n    \\5\\ No. SACV 02-1026 DOC (C.D. Cal. filed Nov. 2002).\n    \\6\\ No. 032-3030 (N.D. Ill. filed Apr. 15, 2003).\n    \\7\\ ``Spoofing\'\' involves forging the ``from\'\' or ``reply to\'\' \nlines in an e-mail to make it appear that the e-mail was sent from an \ninnocent third-party. 
The third party then receives bounced-back \nundeliverable messages and angry ``do not spam me\'\' complaints.\n---------------------------------------------------------------------------\n    Westby is also the first FTC case to allege that a misleading \nsubject line is deceptive because it tricks consumers into opening \nmessages they otherwise would not open. In other cases, the Commission \nhas alleged that the defendants falsely represented that subscribing to \ndefendants\' service could stop spam from other sources \\8\\ or that \npurchasers of a spamming business opportunity could make substantial \nprofits.\\9\\ Thus, through our law enforcement actions the Commission \nhas attacked and will continue to attack deception and unfairness in \nevery aspect of spam.\n---------------------------------------------------------------------------\n    \\8\\ FTC v. NetSource One, No. 022-3077 (W.D. Ky. filed Nov. 2, \n2002).\n    \\9\\ FTC v. Cyber Data, No. CV 02-2120 LKK (E.D. Cal. filed Oct. \n2002); FTC v. Internet Specialists, No. 302 CV 01722 RNC (D.Conn. filed \nOct. 2002).\n---------------------------------------------------------------------------\n    Experience in these cases shows that the primary law enforcement \nchallenges are to identify and locate the targeted spammer. Of course, \nfinding the wrongdoers is an important aspect of all law enforcement \nactions, but in spam cases it is a particularly daunting task. Spammers \ncan easily hide their identity, forge the electronic path of their e-\nmail messages, or send their messages from anywhere in the world to \nanyone in the world. 
Tracking down a targeted spammer typically \nrequires an unusually large commitment of staff time and resources, and \nrarely can it be known in advance whether the target\'s operation is \nlarge enough or injurious enough to consumers to justify the resource \ncommitment.\n    To complement its law enforcement efforts, the Commission endeavors \nto educate consumers and businesses on ways they can reduce the amount \nof unwanted spam they receive, and about particular types of scams \ncommonly disseminated through spam, such as illegal chain letters and \n``Nigerian\'\' scams.\\10\\ These materials are available on the FTC\'s spam \nwebsite, www.ftc.gov/spam.\n---------------------------------------------------------------------------\n    \\10\\ Claiming to be well-placed Nigerians, con artists offer to \ntransfer millions of dollars into the prospective victim\'s bank account \nin exchange for a small fee. Those who respond to the initial offer may \nreceive official-looking documents. Typically, the victim is then asked \nto provide blank letterhead and his or her bank account numbers, as \nwell as some money to cover transaction and transfer costs and \nattorney\'s fees.\n---------------------------------------------------------------------------\n    Another aspect of the Commission\'s approach to spam is to \ninvestigate and research the problems it poses to understand them \nbetter. Through this research, the Commission can refine and better \nfocus its law enforcement and consumer and business education efforts.\nStudying the Spam Problem\n    The Commission has engaged in several research projects to explore \nhow spam affects consumers and online commerce. 
These projects include \na ``Remove Me\'\' surf, a ``Spam Harvest,\'\' and a study of False Claims \nin Spam.\nThe ``Remove Me\'\' Surf\n    Last year the Commission announced the results of the ``Remove Me\'\' \nsurf, in which the FTC and law enforcement partners tested whether \nspammers were honoring the ``remove me\'\' or ``unsubscribe\'\' options in \nspam.\\11\\ From e-mail that participating agencies had forwarded to the \nFTC\'s spam database, the Commission\'s staff selected more than 200 \nmessages that purported to allow recipients to remove their names from \na spam list. The agencies set up dummy e-mail accounts to test the \npledges. We found that 63 percent of the removal links and addresses in \nour sample did not function. If a return address does not work to \nreceive return messages, it is unlikely that it could be used to \ncollect valid e-mail addresses for use in future spamming. This finding \ntends to disprove the common belief that responding to spam guarantees \nthat you will receive more of it.\n---------------------------------------------------------------------------\n    \\11\\ The ``Remove-Me\'\' surf was conducted as part of International \nNetforce, an enforcement sweep in which the FTC was joined by the \nAlaska Attorney General, the Alaska State Troopers, Government Services \nof the Province of Alberta, the British Columbia Securities Commission, \nthe British Columbia Solicitor General, the Canadian Competition \nBureau, the Idaho Attorney General, the Montana Department of \nAdministration, the Oregon Department of Justice, the Washington \nAttorney General, the Washington State Department of Financial \nInstitutions, and the Wyoming Attorney General.\n---------------------------------------------------------------------------\nThe ``Spam Harvest\'\'\n    In its ``Spam Harvest,\'\' the Commission\'s staff conducted an \nexamination of what online activities place consumers at risk for \nreceiving spam. 
The examination discovered that one hundred percent of \nthe e-mail addresses posted in chat rooms received spam; one received \nspam only eight minutes after the address was posted. Eighty-six \npercent of the e-mail addresses posted at newsgroups and Web pages \nreceived spam, as did 50 percent of addresses at free personal Web page \nservices, 27 percent from message board postings, and 9 percent of e-\nmail service directories. The ``Spam Harvest\'\' also found that the type \nof spam received was not related to the sites where the e-mail \naddresses were posted. For example, e-mail addresses posted to \nchildren\'s newsgroups received a large amount of adult-content and \nwork-at-home spam.\n    As part of this project, the staff developed consumer education \nmaterial, including a publication, ``E-mail Address Harvesting: How \nSpammers Reap What You Sow,\'\' that provides tips, based on the lessons \nlearned from the Spam Harvest, to consumers who want to minimize their \nrisk of receiving spam. The tips advise, among other things, that \nconsumers can minimize the chances of their addresses being harvested \nby using at least two e-mail addresses--one for use on websites, \nnewsgroups and other public venues on the web, and another e-mail \naddress solely for personal communication. Another suggested strategy \nto reduce spam is ``masking\'\' (disguising) e-mail addresses posted in \npublic.\\12\\\n---------------------------------------------------------------------------\n    \\12\\ Masking involves putting a word or phrase in one\'s e-mail \naddress so that it will trick a harvesting computer program, but not a \nperson. 
For example, if one\'s e-mail address is ``johndoe@myisp.com,\'\' \none could mask it as ``johndoe@spamaway.myisp.com.\'\' Some newsgroup \nservices or message boards won\'t allow masking of e-mail addresses and \nsome harvesting programs may be able to pick out common masks.\n---------------------------------------------------------------------------\nThe ``False Claims in Spam\'\' Study\n    An additional FTC staff study examined false claims in spam. The \nstaff examined 1,000 spam messages selected randomly from three \nsources: our spam database of consumer-forwarded messages, the spam \nreceived at the addresses used in the Spam Harvest, and spam that \nreached FTC employee computers. The staff analyzed the messages based \nupon the types of products or services offered, the indicia of \ndeception in the content of the messages, and the indicia of deception \nin the ``from\'\' and ``subject\'\' lines of the messages.\n    The Types of Products or Services Offered--The staff found that 20 \npercent of the spam contained offers for investment or business \nopportunities, which include such things as work-at-home offers, \nfranchise opportunities, or offers for securities. Another 18 percent \nof the spam offered adult-oriented products or services. Of those adult \nmessages, about one-fifth included images of nudity that appeared \nautomatically in the body of the message. Further, 17 percent of the \nspam messages involved finance, including credit cards, mortgages, \nrefinancing, and insurance. 
All together, the investment/business \nopportunity, adult, and finance offers comprised 55 percent of our \nsample.\n    Indicia of Falsity in the Content of Spam Messages--The staff also \ndetermined how many spam messages appeared misleading. Using expertise \ngleaned from past law enforcement actions and recent research efforts, \nthe staff identified specific representations likely to be false. The \nstaff found that 40 percent of all the combined categories of spam \nmessages contained indicia of falsity in the body of the message. An \nastonishing 90 percent of the investment/business opportunity category \nof spam contained indicia of false claims.\n    Evidence of Falsity in the ``From\'\' and ``Subject\'\' Lines--The \nstaff also looked at evidence of deception in the ``from\'\' and \n``subject\'\' lines of the spam. One third of the messages contained \nindicia of falsity in the ``from\'\' line. Messages falling into this \ncategory included ``from\'\' lines connoting a business or personal \nrelationship, such as using a first name only, or stating ``Your \nAccount@XYZ.COM.\'\' Another common instance of misleading ``from\'\' lines \noccurs when spammers make the sender\'s name the same as the recipient\'s \naddress, so it appears that one has sent the message to oneself.\n    In addition, the staff found that 22 percent of the spam messages \ncontained indicia of falsity in the subject line, such as using ``Re:\'\' \nto indicate familiarity or a subject line that was unrelated to the \ncontent of the message, such as ``Hi\'\' or ``Order Confirmation.\'\' Over \none third of adult-content spam contained false information in the \nsubject line. 
Further, only two percent of the analyzed spam contained \nthe label ``ADV:\'\' in the ``subject\'\' line, even though such a label is \nrequired by the laws of several states.\n    Conclusions of the False Claims in Spam Study--Adding up the \nvarious forms of deception, the staff found that 66 percent of the spam \nappeared to contain at least one form of deception.\\13\\ This Spam Study \nconfirms the Commission\'s earlier belief that fraud operators, who are \noften among the first to exploit any technological innovation, have \nseized on the Internet\'s capacity to reach millions of consumers \nquickly and at a low cost through spam. Not only are fraud operators \nable to reach millions of individuals with one message, but they also \ncan misuse technology to conceal their identity. The Commission \nbelieves the proliferation of fraudulent or deceptive spam on the \nInternet poses a threat to consumer confidence in online commerce and, \ntherefore, views the problem of deception as a significant issue in the \ndebate over spam.\n---------------------------------------------------------------------------\n    \\13\\ The remaining spam messages were not necessarily truthful, but \nthey did not contain any obvious indicia of falsity.\n---------------------------------------------------------------------------\nThe FTC Spam Forum\n    Building upon our research, education, and law enforcement efforts, \nthe FTC held a three-day public forum from April 30 to May 2, 2003 on \nspam e-mail. This was a wide-ranging public examination of spam from \nall viewpoints. The Commission convened this event for two principal \nreasons. First, spam is frequently discussed, but facts about how it \nworks, its origins, what incentives drive it, and so on, are not widely \nknown. The Commission anticipated that the Forum would generate an \nexchange of useful information about spam to help inform the public \npolicy debate. 
This could help the Commission determine what more it \nmight do to more effectively fulfill our consumer protection mission in \nthis area. Second, the Commission sought to act as a potential catalyst \nfor solutions to the spam problem. Through the Forum, the Commission \nbrought to the table representatives from as many sides of the issue as \npossible to explore and encourage progress toward possible solutions to \nthe detrimental effects of spam.\n    The Commission believes that the Forum advanced both goals. As \ndescribed below, the panelists contributed valuable information from a \nvariety of differing viewpoints to the public record. In addition, the \nForum spurred a number of participants into cooperation and action. \nMost notably, on the eve of the Forum, industry leaders Microsoft, \nAmerica Online, and Yahoo! announced a collaborative effort to stop \nspam. Moreover, several potential technological solutions to spam were \nannounced either at or in anticipation of the Forum. The Commission \nintends to foster this dialogue, and, when possible, to encourage other \nsimilar positive steps on the part of industry.\n    The strong interest in addressing spam is shared by: consumers, \nInternet Service Providers (``ISPs\'\'), law enforcement authorities, \nmarketing services, bulk e-mail marketers, anti-spammers, and retailers \nand manufacturers. These interest groups were represented at the Forum \nby 87 different panelists collectively possessing a tremendous range of \nexpertise, and coming from all over the globe to participate in this \ndiscussion. Distinguished representatives from the European Commission, \nCanada, Australia, Korea, and Japan offered their views on how spam \naffects their countries and how they are trying to tackle the problem. 
\nOn the domestic front, panelists included prominent representatives \nfrom all sectors affected by spam, such as the president of the \nconsumer group, the SpamCon Foundation, the president of the Direct \nMarketing Association, vice presidents of America Online and Microsoft, \nand the Washington State Attorney General. Distinguished members of \nCongress--Senators Burns, Wyden, and Schumer, and Representative \nLofgren--also addressed Forum attendees.\n    The Spam Forum was organized into twelve panel discussions that \nwere conducted over the course of three days. In addition to the 87 \npanelists, approximately 400 people were present each day in the \naudience at the FTC Conference Center, with many more individuals \nparticipating via a video link or by teleconference. Questions for the \npanelists were accepted from the audience and via a special e-mail \naddress from those attending through video link or teleconferencing.\n    Day One of the Forum focused on the mechanics of spam. Panelists \ndiscussed in detail how spammers find e-mail addresses and how \ndeception in the sending of spam affects consumers and online commerce. \nDiscussions then focused upon security weaknesses that enable or \nfacilitate spam, such as open relays \\14\\ and open proxies.\\15\\ Day Two \nexplored the economic costs of spam. Panelists participated in an in-\ndepth discussion of economic incentives inherent in spam and the costs \nof spam to marketers, ISPs, and consumers, and its effects on emerging \ntechnologies. Specifically, panelists discussed spam blacklists, e-mail \nmarketers, and wireless spam (unsolicited text messages received via \ncell phone). Day Three focused on potential solutions to spam. \nPanelists discussed three potential avenues to a solution: legislation, \nlitigation, and technology. 
Specific topics covered included: state, \nfederal, and international legislation; civil and criminal law \nenforcement and private litigation against spammers; and various \ntechnological approaches.\n---------------------------------------------------------------------------\n    \\14\\ Open relays allow spammers to route their e-mail through \nservers of other organizations, thereby disguising the origin of the e-\nmail. Spammers identify and use other organizations\' open relays to \navoid detection by the filter systems that ISPs use to protect their \ncustomers from unwanted spam. Routing spam through open relays also \nmakes it difficult for law enforcement agencies to track down senders \nof fraudulent or deceptive spam.\n    \\15\\ A proxy server runs software that allows it to be the one \nmachine in a network that directly interacts with the Internet. This \nprovides the network with greater security. But if a proxy is not \nconfigured properly (i.e., if it is an ``open proxy\'\'), it also may \nallow unauthorized users to pass through the site and connect to other \nhosts on the Internet. For example, a spammer can use an open proxy to \nconnect to a mail server. If the server has an open mail relay, the \nspammer can send a large amount of spam and then disconnect--all \nanonymously.\n---------------------------------------------------------------------------\n    Panelists at the Forum brought forward an enormous amount of \ninformation about spam and how it affects consumers and businesses. \nSeveral primary themes emerged from the various discussions. First, the \nvolume of spam is increasing sharply. Many panelists reported that the \nrate of increase is accelerating. For example, one ISP reported that in \n2002 alone it experienced a 150 percent increase in spam traffic. \nSecond, spam imposes real costs. The panelists offered concrete \ninformation about the costs of spam to businesses and to ISPs. 
\nSpecifically, ISPs reported that costs to address spam have increased \ndramatically over the past two years. ISPs bear the cost of servers and \nbandwidth necessary to channel the flood of spam, even that part of the \nflood that is being filtered out before reaching recipients\' mail \nboxes. America Online reported that it recently blocked an astonishing \n2.37 billion pieces of spam in a single day. Third, spam is an \ninternational problem. According to our international panelists, most \nof the spam received in their countries is in English and advertises \nAmerican products or companies. Most panelists agreed that any solution \nto stopping spam will have to involve an international effort.\n    Our law enforcement experience has taught that the path from a \nfraudulent spammer to a consumer\'s in-box typically crosses at least \none international border and frequently several. Thus, fraudulent spam \nexemplifies the growing problem of cross-border fraud. To enhance our \neffectiveness in the fight against fraudulent spam and other kinds of \nfraudulent schemes that cross international borders, the Commission \nwill be asking this Committee, as part of our forthcoming \nreauthorization testimony, for additional legislative authority in a \nnumber of areas, including measures that would: allow the agency to \nshare such information on targeted schemes with our overseas \ncounterparts; provide investigative assistance to them in appropriate \ncases; improve our ability to obtain information from U.S. criminal \nagencies and Federal financial regulators, who are often investigating \nthe same types of fraudulent conduct that we are; and improve the \nagency\'s ability to obtain consumer redress in cross-border cases by \nclarifying the Commission\'s authority to take action in such cases, and \nby expanding the agency\'s ability to use foreign counsel to pursue \nassets offshore. 
Legislation expanding the Commission\'s authority in \nthese ways is essential to improve the agency\'s ability to fight \nfraudulent spam in particular, as well as other manifestations of the \nmore general problem of cross-border fraud.\nApproaches to Solving the Spam Problem\n    The broad themes that emerged from the Forum panel discussions \ndepict the spam problem as increasing volume, increasing costs, and \nincreasing international effects. This confirms that finding solutions \nto the problems posed by spam will not be quick or easy; moreover, the \nconsensus of panelists was that no single approach will likely cure the \nproblem. Some panelists at the Forum stated that a large scale \ntechnological change in the e-mail protocol system is not likely to \noccur. Nevertheless, others indicated that there are incremental \ntechnical changes that can be grafted onto the existing e-mail protocol \nto ease the burden of unwanted e-mail on ISPs and consumers. In \naddition, consumer representatives stressed that any solution should \ninclude consumer empowerment--to allow e-mail recipients to decide what \nmessages they want to receive in their inbox, and to give recipients \nthe technical tools to effectuate those decisions. Some panelists, but \nby no means all, advocated additional Federal legislation and law \nenforcement efforts as a means to provide needed accountability and \ndeterrence.\n    All Spam Forum participants agreed that solving the problem of bulk \nunsolicited commercial e-mail will likely necessitate an integrated \neffort involving a variety of technological, legal, and consumer \naction, rather than one single solution. Through the Forum and the \nfollow-up efforts it suggested, the Commission hopes to act as a \ncatalyst for technologists, industry, law enforcement, and policy \nofficials to work together to find a solution.\nConclusion\n    E-mail provides enormous benefits to consumers and businesses as a \ncommunication tool. 
The increasing volume of spam to ISPs, to \nbusinesses, and to consumers, coupled with the use of spam as a means \nto perpetrate fraud and deception, puts these benefits at serious risk. \nThe Commission looks forward to continuing its research, education, and \nlaw enforcement efforts to protect consumers and businesses from the \ncurrent onslaught of unwanted messages.\n    The Commission appreciates this opportunity to describe its efforts \nto address the problem of spam, and the outcome of its recent Spam \nForum.\n\n    The Chairman. I thank you both. I have gotten letters, as I \nmentioned, I would include for the record from the Center for \nDemocracy and Technology, Mr. Jerry Berman. He says, based on \nour research and further discussion, CDT believes that the spam \nproblem merits targeted Federal legislation to help alleviate \nthe burden spam causes to consumers, businesses, and ISPs, and \nI also had a letter from Mr. Gates which I think Mr. Leonsis is \ngoing to talk about more, where he makes several \nrecommendations. I would like for both of you, if you would, to \ncomment on these recommendations, perhaps in writing to us, \nbecause there is a series of them, as to your views as to \nwhether they should be included in the legislation or not.\n    I would hope, and I know that Senator Burns and Senator \nWyden would hope that we could get this issue to the floor \nsometime before the summer recess, because it is clearly an \nissue that needs to be addressed one way or the other, so I \nwould hope that you would get us that.\n    I guess my first question is, suppose that we enacted the \nbest law that took care of every problem, every loophole----\n    We have 5 minutes left on the vote, Conrad. Do you want to \ngo and vote and then come back?\n    Senator Burns. We are voting again?\n    [Laughter.]\n    The Chairman. I think so. 
Maybe you want to go and then \ncome back so we can keep the hearing going.\n    And what do you do about somebody located, and you have an \ninternational agreement with the major countries in the world, \nsomebody located in the Grand Caymans, as is the case with \nInternet gambling sites today. What is the answer?\n    Mr. Swindle. Senator, I will start off. Obviously, and it \nhas been said by, I think, everyone who has testified to this \npoint, that no single solution, no single thing is going to be \nthe solution. Passing legislation is not going to solve this \nproblem.\n    Someone said earlier that having legislation penalties \nwould help us hunt down the perpetrators, and that got right to \nthe point here. The penalties are not going to help us hunt \ndown the perpetrators. In fact, the biggest problem we have is \nfinding those who are sending the spam out. It is a technical \nproblem that from my observation, listening to the forum we had \nlast week, most of the people in technology were saying we do \nnot yet know how to do this. We have got a lot of work to do.\n    Laws can certainly classify a certain group of people who \ndo certain things as criminals if we want to go that far and \nsay that if we catch them, we penalize them heavily, and that \nmight be a good idea as Senator Nelson was proposing, but the \nproblem still remains finding them, and until we solve that \nproblem, we have got to seek other alternatives.\n    I speak of the emotion of the broad base of users, hundreds \nof millions, certainly in this country, and I have been told \nthe numbers may reach 600 million by the end of this year \nworldwide. 
It seems to me that it would be practical, and I am \nnot much on technology, but if you would give me the ability to \nput a screen in front of my computer so that nothing comes in \nthere except what is on that screen--in other words, my address \nbook--you would go a long way to solving my emotional problem \nwith spam, my frustration with it, my wanting to just turn this \nthing off and walk away from it. That will be the biggest \ndisaster we can imagine right now.\n    Some of this technical stuff is going to take years to \nevolve, the same way with the legislation, but give the \nconsumer the power, empower the consumer to say no to what is \ncoming into his mailbox, and as I mentioned in my comments, I \nam not sure that industry is prepared, and not because they \ncannot do it, but I am not sure they are prepared to do it \nbecause they do not want to do it, because it cuts them off \nfrom a potential customer. Well, I think that is dead wrong. We \nhave an issue before us that can do grave damage to this \nincredible tool that we have. I think we all need to quit \nspeaking and lobbying in terms of special interest, our own \ninterest, and think about a cause greater than ourselves. We \nhave a bigger issue here.\n    The Chairman. Commissioner Thompson.\n    Mr. Thompson. I think you highlight a very important point \nthat we have to do what we can to eliminate jurisdictions of \nconvenience, in other words, places that might serve as safe \nharbors for those who would engage in spamming. It is something \nwe have discussed internationally.\n    Countries have different ways of approaching that, and we \nare trying to talk to them about what has been effective, what \nhas not been effective, what are ways that we can look at in \nthe future. 
I believe that some legislative vehicle is helpful, \nbut it is not the only solution, but it also means a \ncooperative effort, and not just waiting for an international \ntreaty, although that can be a long-term goal.\n    There is a short-term goal of having ongoing discussions, \nincluding bilateral agreements and understandings about how you \nactually prosecute cases that have fraud and deception at their \ncore, and that includes what legislation we need to streamline \nthe process so that we can share information with entities that \nhave the same goals as we do.\n    I think what is important is for us at the very least to \ncome to an understanding with countries about why this issue is a \nproblem and is a threat to the Internet, and a threat to \nconsumer confidence. I think we are reaching those goals, and \nto talk about what are the potential avenues for solution. I \nthink we are at that point, and it is a very important point.\n    The Chairman. Commissioner Swindle, would a do-not-spam \nlist be an effective way of cutting down on some of this \nproblem?\n    Mr. Swindle. In a word, I do not believe so. We are just \nnow coming to grips with how we are going to implement a do-\nnot-call list. In the business of telemarketing, there is a \nrelatively finite or small number of telemarketers. There are \n5,000 or 10,000. I am not sure how many there are, but when you \ntalk about the Internet, we are talking millions. We are \ntalking in telemarketing a very regulated industry that \nliterally does have borders, state control of \ntelecommunications and so forth. In the Internet, it is totally \nborderless.\n    I tried to imagine what the database for a telemarketing \nsales rule or do-not-call rule will be, and it will be large, \nbecause it is probably one of the more popular things that have \ncome down the pike since I have been there. 
How we manage that, \nhow we make it reactive, that it does what it is supposed to \ndo, is a very complex problem, and we are going to get there, \nbut we are not there yet. We have no experience, not ruling it \nout.\n    The Chairman. Do you agree?\n    Mr. Thompson. I agree. I also think there are challenges in \nterms of resources, because the scale and the size of what is \ngoing to be contained in any database and the security that is \ngoing to be necessary will be very resource-intensive. I think \nit can be part of a solution, but in and of itself it may not \nbe a solution.\n    The Chairman. Senator Nelson, I have got to go vote.\n    Senator Nelson. Mr. Chairman, do you want me to keep the \ntestimony going or wait until you return?\n    The Chairman. Knowing you, I am sure that is not a problem.\n    [Laughter.]\n    Senator Nelson. That is an appropriate reconfirmation of \nthe relationship that I have with the Chairman. He knows I am \nnot going to do anything crazy.\n    [Laughter.]\n    Mr. Thompson. Once again, you are in charge.\n    Mr. Swindle. If I might finish the point, and Senator--or \nCommissioner Thompson--congratulations.\n    [Laughter.]\n    Mr. Swindle. I gave you a promotion there. We are really \ngoing to take control here.\n    I was speaking of the database for telemarketing for the \ndo-not-call list on the telephone. That is going to be an \nenormously big, complex thing, but we can get a grip on it. We \nhave been doing this a long time. The Internet is something \nelse. First off, you know the debate we get in on telephones of \nportability of numbers. We cannot figure out exactly how to do \nthat.\n    How many times do people change their telephone numbers? \nNot very often. How many times do they change their e-mail \naddresses? It goes on. How many people are there out there with \ne-mail addresses, and they have multiple e-mail addresses. 
You \nare talking about an incredibly large database that will be \ndifficult to secure, and if I am a spammer, I just look at that \nas a target-rich environment. I do not think it is a solution.\n    Mr. Thompson. One of the challenges we have is trying to \ncater static responses to moving targets, and in this area the \ntarget is moving very quickly. As we heard earlier, people who \nare engaged in spamming have every economic incentive to be \nclever and invest their time and money in morphing themselves \ninto different entities, cloaking themselves, using the \ntechnology in order to send out their spam because it is so \ncheap for them to do so. For just a minimal positive response, \nyour return on investment is quick and rapid. It is hard for us \nin an open network to change that, but I think we are talking \nabout what other things that we can do to get at the bad \nactors, and one challenge that we still have to face is what do \nwe do about volume, because even if we get after the bad \nactors, you still have this chart with rapid increase.\n    The slope may come down a little, but because of the \neconomics, you are still going to have many people trying to \nuse this in marketing, and it could have some disruptions in \nservice and other things that make the consumer experience not \nvery good. I do not know what the right answer is, but it is a \nchallenge that we have to consider.\n    Senator Nelson. You all have mentioned that the FTC is \nseeking the additional legislative authority to improve the \nagency\'s ability to obtain information from U.S. law \nenforcement agencies. Now, can you discuss for the Committee \nhow the FTC coordinates investigations with other agencies, \ncriminal agencies, and can you expand on your request for the \nadditional legislative authority in this area?\n    Mr. Thompson. 
I can talk briefly about it, that I think we \nhave a good relationship with agencies within the United \nStates, and I want to clarify the question a little. I think \nwhat we are asking for are ways to make it easier for us to \nshare information with sister agencies that may lie outside of \nthe United States.\n    One of the trends that we are seeing, especially in the E-\ncommerce areas, is that we represent the richest and most \nrobust marketplace in the E-commerce base in the world. That \nmeans others who would seek to defraud people want to come here \nand victimize our citizens. Right now, the way our legislation \nworks, there are very complex rules dealing with \nconfidentiality of investigations and the information we gather \nas part of a prosecution that makes it harder for us to share \ninformation with, for example, a law enforcer in France, or a \nlaw enforcer in Canada who may be interested in prosecuting \nthose who are living there that victimize our citizens, so in \nsome ways, what we would like to see is some legislative \nstreamlining that would make it easier for us to prosecute in a \nway that recognizes the global nature of the problem.\n    Senator Nelson. Would you perhaps--while I was voting, both \nof you had already commented on the legislative approach to \nthis problem in trying to put a criminal penalty as a means of \nstopping it, recognizing that we have got to work with the \ninternational arena as well. Would you further comment how, \nwhat you would like to see in law that would give you the tools \nas the regulator to attack this problem?\n    Mr. Swindle. Senator, I mentioned, made reference to your \ncomments about rather punitive measures we could take against \nthose who do cause damage, and I am moving more and more toward \nthe belief that we are getting into criminal acts. 
When you \nconsider how we are so totally integrated now with information \nsystems and networks, how we are so dependent upon them, I \nmean, you know, today you can be at your home with a very \ninexpensive computer that is more powerful than the computers \nyou had in the space shuttle you went up in. That computer can \nbe captured if it is not adequately protected and then it can \nbe used as a weapon to go out and do damage to financial \nsystems, to air control systems, to the Defense Department, it \nis unlimited, because you are in these networks.\n    Those who would do this intentionally to disrupt \ninformation systems, to disrupt power grids, to disrupt air \ncontrol, to shut down through the devices and code that goes \nout, and they overwhelm ISPs, overwhelm financial networks, \nthis is grave, grave damage. This is far beyond going out and \nstealing 150 bucks from a grocery store, which is a crime. I \nthink we are approaching the point where we do need to \nestablish these people who do this as criminals, but we get \nback to the same problem, how do we find them, and that is a \ntechnology problem that we have not yet solved as far as I am \nfamiliar with.\n    But I do think, again to repeat the point that I think I \nmade while you were out, as I said in my comment, we have got \ntwo problems here. One is this very complex technical, legal, \npublic policy legislative arena, the other is this emotion, of \nall the wonderful people in this country and around the world \nwho want to use this. They are excited about it.\n    I love to shop on Amazon and eBay and things of this \nnature, but the more we are harmed by spam, and spam is one of \nthe biggest carriers of viruses that damage our computers, we \nlose confidence in it and we are going to back away from that. 
\nThat is going to be a severe hit for the economic potential and \nentertainment potential and fun potential of information \ntechnology.\n    I contend that industry had better focus on that right now \nand get something done. They need to give consumers and users \nand students and home users and small businesses the capacity \nto put a wall in front of their computer and say, I do not want \nit in here if it is not on my wall, in other words, your \naddress book, and you know, the argument is, well, you are \ngoing to miss a message from an old friend. My problem. I can \ndeal with that much better than having this open relay. So, I \nthink criminal designation is probably going to be necessary, \nand I do think we need--to sort of paraphrase what you said, I \nthink we need a couple of good hangings here.\n    Mr. Thompson. I think a challenge, though, I think it is \nimportant perhaps to have some criminal penalties for the most \negregious behavior, but let us talk a little about the fact \nthat that may only represent the one tail of the people who are \ninvolved in spam, because one of the challenges you have when \nyou introduce the element of criminalization, the standard of \nproof may be different. The idea of intent is different. Right \nnow, for example, based on the FTC act for fraud and deception, \nwe do not have to prove intent. 
Once you introduce that \nelement, that makes it harder to go after what may be the bulk, \nwhich you may be able to get to based on civil prosecution and \npenalties.\n    Also, one other factor that I think is important to \nconsider is that, how do you wind up prioritizing within the \ncriminal enforcement community this kind of behavior, because \nit is not only just providing some sort of criminal remedy, but \nit is also talking to criminal prosecutors and making sure that \nthey understand how important this is compared to any number of \ndifferent criminal statutes they have to enforce, so I think \nthe challenge is to view criminal penalties, maybe one aspect \nof a solution, but there have to be many more tools in addition \nto that.\n    Senator Nelson. Thank you for your statements.\n    After the April 30 spam workshop, the Commission has \nreceived a tremendous amount of testimony from consumers, \nmarketers, ISPs, filtering technology firms and many others. \nThe work that the Commission has already done in combination \nwith the workshop materials would aid this Committee in its \nwork on crafting spam legislation that works. Can you report to \nthis Committee in 45 days an outline of a legislative approach \nthat deals with the issues raised during the workshop, a \nconsumer education plan, any jurisdictional needs that should \nbe addressed in reauthorization, and the cost to implement such \nrecommendations?\n    Mr. Swindle. Senator, we would never refuse your request. \nWe will make every effort. 
That is one of the reasons we held \nthe workshop, because we believe that we needed to get \neverybody who is involved in this in the same room at the same \ntime and have it out, and actually a couple of them did try to \nhave it out, but I think the whole purpose of that is to try to \nbetter inform all of us, the regulators, and the legislators as \nto what we can do with this, and in the process co-opt the \nindustry in all of its respects, and even some of the people \nwho like to engage in this stuff in here and talk about the \nharm that is being done. That is our goal, to try to prepare a \nwell-informed body of knowledge, and I will certainly take back \nyour request, and we will get to work on this and give you a \nresponse to that question. I would be a little remiss if I \nanswered it before I found out what we have got.\n    Senator Nelson. Thank you very much. Thanks to both of you.\n    Senator Wyden. Senator Burns.\n    Senator Burns. Thanks for coming down today, and thanks for \nthe invite you offered us during your three day workshop down \nthere, and I am sorry I did not get to stay for it, and I have \nalready got it written down here that maybe the video that--I \nthink you videoed every session. I will tell you what, I would \nnot mind having a set of those videos, and I know you have got \nhours and hours of them, but, you know, we could thumb through \nthose things, and that would probably be a good way to do it, \nis just to get the videos of those sessions, those testimonies \nand those discussions. I think that was a very good workshop, \nand I thank you for allowing us to come down and participate in \nthat.\n    And Commissioner Swindle, you are exactly right, the best \nsolution to this whole thing is people who participate and use \nbest business ethics, and we know those are the answers, but we \nalso know that the industry is going to have to step forward. 
\nIt is my belief that they will not until there is a national \nlegislation that forces them to at least consider some things \nthat can be flexible and be very light on their feet to deal \nwith this thing as far as the legitimate marketers, because I \nam a market-oriented guy.\n    I think this thing, you know, when you walk from here to \ndowntown, you walk by a lot of businesses and you see a lot of \nadvertising, and you see a lot of things that are wanting to do \nbusiness with you, and this industry should not be any \ndifferent. However, I think the industry is going to have to \nstep forward and set up a standard of best practices, and have \nthose legitimate marketers--we welcome them--who want to do \nbusiness in this realm of doing that.\n    Now, you have already responded to the no-spam list. We \nwould be remiss if we did not consider that, but I am not real \nsure that that is not a detail maybe that the FTC could--on \ntheir own, because you have done a wonderful job down there. \nYou have taken this issue and you have elevated it to a \nposition of national awareness. You have done a terrific job \ndown there, and we do not want to do anything through \nlegislation that would curtail that particular activity with \nthe FTC, but I just want--you mentioned, Mr. Swindle, in your \ntestimony, the Commission mentioned the testimony that a \nsolution to spam must include consumer empowerment, and of \ncourse, we use that term a lot. Do you think opting out \nconstitutes consumer empowerment?\n    Mr. Swindle. That is certainly a form of it, Senator. 
\nUnfortunately, a lot of the spam does not honor the opt-out \nselection, so you have still got the spam coming in, and the \npoint I made is, I was reading the article this morning about \nMicrosoft\'s initiative that was in the Post this morning, and \nmy friend and sometimes adversary Marc Rotenberg, who I believe \nis going to be testifying on a later panel, made the statement, \nor is reported to have made the statement that Microsoft\'s \nproposal does not address the core need of consumers, which is \nto be free of commercial e-mail unless they specifically \nrequest it. That is different from opt out.\n    I have suggested that, to accommodate or try to resolve \nthis emotional turning away from electronic commerce and e-mail \nthat we are experiencing because of spam, that the ISPs and \nsoftware manufacturers and the hardware manufacturers, whoever \ndoes this stuff can provide to the consumer the capacity to \neasily, recognizably simply say--this is oversimplification, \nbut I do not want to receive any e-mail from anybody other than \nthe ones I send to and the ones that are in my address book.\n    Think of all the e-mail that would not come in any more, \njust do not even have it come in, and that is what I mean about \nquick fixes for emotional problems, but I think there is a \nbasic need. Opt out certainly recognizes this, but it is not \nhonored. There is a basic need for consumers to be allowed, at \ntheir own choice, to be free of--Senator McCain used \n``unwanted.\'\' That may be the best way to put it, unwanted e-\nmail, and if you put them in control of that, we will have a \nlot happier users out there and we will have less a problem on \nthis emotional bent, and we can really get to work on this \nlegislative and technology bent.\n    Senator Burns. We could call them weeds. That is kind of an \ninvasive and unwanted----\n    Mr. Swindle. Nutgrass down in South Georgia.\n    Mr. Thompson. 
I think that is a nice way of characterizing \nit.\n    Senator Burns. We have to eliminate the weeds, and if we \ncan find a herbicide to spray them and it kills the weed and \nlets the grass grow, that is what we are looking for in this \nsituation.\n    Senator Nelson. Some of them are snakes.\n    Mr. Swindle. I would like to use an illustration, Senator, \nif I may, and it will take just another minute. I just bought \nmy wife a brand new, nice computer. It is a great computer, \nDell, a great company, has got Microsoft XP on it, a fine piece \nof software. All of a sudden, I started getting pop-up spam \nmessages that says, Messenger, centered, dead center, large, \nright in my screen, and I do not know how to copy it. There is \na way to copy it, but I am not technically savvy enough to \nfigure it out. I said, where is this stuff coming from? It \ncomes from a built-in Microsoft messenger, Instant Messaging, I \nguess, sort of like AOL, a wonderful device, if you want it.\n    The problem is, Microsoft put that in that computer, \ndefaulted to the on position, did not tell me it was there, did \nnot tell me how to easily get it off of there, and they use it, \nor somebody\'s using their system, maybe an affiliate, to send \nme spam that I do not want. The industry needs to solve this \nproblem. They can solve it technically. They just need to want \nto solve it, and as to your initial proposal, maybe they need a \nfire lighted under them. I think they do.\n    I think the FTC has done a grand job of elevating the \nsubject of privacy to the public. Everybody is aware that they \nought to be concerned about their privacy. We have achieved a \nvery--I would never say excellent, because we are still working \non it. It is a journey, not a destination, but we have more \ncompanies doing better things on privacy than ever before, and \nwe have not passed a law to get there, but public pressure, if \nyou inform the public, they then demand. 
Industry will respond \nbecause that is how they stay in business.\n    Senator Burns. I believe that, and I thank you for your \nopenness and your frankness about this, because I think we have \nbeen talking about this issue for 4 or 5 years. It is time to \nquit beating around the bushes and tell it like it is and then \ngo ahead and respond to that, and I thank both Commissioners \nfor coming this morning.\n    Mr. Chairman, thank you.\n    The Chairman. Senator Wyden.\n    Senator Wyden. Thank you, Mr. Chairman. First, I always \nwelcome the views of the Federal Trade Commission, but I will \ntell you, I am a little troubled about sitting around and \nwaiting another 45 days, or whatever. It is time to get going, \nfolks. It is time to protect consumers. This problem has grown \nso dramatically, just in the last few months, that I just fear \nif we embark on yet another prolonged kind of study session, we \nare not going to get after this, and it is time to start \nmoving, and frankly, Senator Burns and I in the last 4 years \nhave been looking at just about every idea under the sun. We \nare going to continue to look at others, but I want to get some \nthings clear on the record.\n    First, on the enforcement provisions, 2 years ago, \nCommissioner Swindle, Eileen Harrington came to the Committee \nand said that the enforcement mechanism in the Burns-Wyden bill \nwould work. In fact, her comments are, the enforcement scheme \nlaid out in the bill likely would work well.\n    Now, it has got four tiers. The four tiers are the criminal \npenalties, the Federal Trade Commission civil penalties, the \nauthority of the state Attorneys General, and the ability of an \nISP, an Internet service provider to bring suit. 
I guess the \nfirst question I would like to know from both of you on the \nrecord, do you disagree this morning--so we can actually get a \nsense of what two Commissioners think this morning, do either \nof you disagree with what Eileen Harrington said when she said \nthe enforcement mechanism in the Burns-Wyden bill would work \nwell?\n    Commissioner Swindle.\n    Mr. Swindle. Senator, we essentially do that already. Under \nsection 5 of the Federal Trade Commission Act we deal with \ndeception and unfairness, a false header, that is an address, \nthe from line of somebody that is not the real person, that is \ndeception. Deception in the subject line is deception. \nDeception in the subject matter is deception. We have the \nability, with the existing laws, to do those things. Certainly \nthe criminal and civil aspects of it are positive things. We do \nthat already.\n    We work very well with the Department of Justice in trying \nto find solutions to these problems and certainly go after the \nbad guys. We certainly encourage the continued ability of \nstates to enforce the Federal Trade Commission Act, and working \nwith the AGs, and we do a marvelous job with that.\n    Senator Wyden. But Commissioner, obviously, empowering the \nstate Attorneys General is something the Congress has to do. \nThe ISP provision is something the Congress has to do. I just \nwant to know, so we do not go out and reinvent the wheel every \n45 days or 60 days, whether you agree with what Eileen \nHarrington said, and I happen to think you have done useful \nwork. It is not a referendum on whether you all have done \nuseful work. Eileen Harrington said our enforcement mechanism \nwould work. Do you agree with that?\n    Mr. Swindle. I have not disagreed, but the point I want to \nmake, Senator, is, we can have this structure, which you know \nis wonderful. The problem still remains finding those who are \ndoing the evil. That is a technology challenge. 
It is a \nstaffing challenge. We go after these cases, and one of the big \ndilemmas we have is trying to figure out how many resources can \nwe devote to this when we very likely will not find who did it, \nand the effect of what was happening, does it warrant the \nspending of these resources. It is a very difficult thing.\n    Enforcement is many things. It is having the structures you \ndescribed, certainly, but also you have to have the capacity to \ngo do something with those tools. You have to have the capacity \nto find the person who has done wrong and bring them in and \nstand them up in front of those four standards and get them.\n    Senator Wyden. Commissioner Thompson, Eileen Harrington, do \nyou think she was right when she said, what we are trying to do \non enforcement would work well?\n    Mr. Thompson. I think she was right, what she said when she \nsaid it. What I think is based upon what I have heard and the \ninformation that we have gotten that the problem may have \nmorphed a little. Now, I do not want to make any mistake about \nit. You will hear from me today instances where I would like to \ncome back and tell you whether certain parts of the various \nbills we see will address part of the problem, but I do not \nwant to make any mistake about it. I think that we need \nlegislation, and we need it this year.\n    The issue is whether the form of legislative vehicles we \nhave seen so far address parts of the problem and not other \nparts of the problem, and we would like to be a resource to you \nto give you the best information of whether some of those parts \nmight be more effective or might be necessary elements in \naddressing the problem.\n    Let me give you an example. 
I was actually moved by the \ninformation that was given to us by a small ISP provider, when \nI say small, less than 20,000 subscribers who said that last \nyear, they spent $200,000 to deal with spam, and they were able \nto spread that cost passing it through to their subscribers, \nbut they saw a real choke point coming up ahead, because they \nwere so small, that they would not be able to pass that cost \non, and that is because of volume. I am not sure we have a way \nto address that, but I would like to give you the best \ninformation that I have, and I am willing to come back to you \nin 45 days or sooner, if necessary, to give you what that best \njudgment is.\n    Senator Wyden. Mr. Chairman, if I could just get one other \nquestion in very briefly, what we tried to do in the Federal \nTrade Commission portion of it is to give you all the \nflexibility to make distinctions between the big-time offenders \nand the small-time violators. Again, because we had gotten \nfavorable testimony from the Federal Trade Commission, we felt \nwe were headed in the right direction. Do you all still feel \nthat that is a sensible distinction to be making, either of \nyou?\n    Mr. Swindle. Senator, I think we need to continue this \ndialogue. I have been using this expression for a long time. \nThere are no simple answers to this. I have not seen one piece \nof legislation that I think will be adequate.\n    I do not know that we need additional authority. As I said, \nwe have the capacity to go after deception and fraud right now. \nWe have got to realize that this is going to be an evolving \nprocess. It is going to take technology advances, it is going \nto take industry stepping up to the plate and doing what they \nought to do because it is the right thing to do, and it is \ngoing to take us working and advising and consulting with you, \nSenator Burns, Senator McCain, and other Members of the \nCongress, trying to find the best possible solution. 
We want to \nfind the best possible solution, I mentioned.\n    We are not going to find the perfect solution. We can \nforget that. We just are not going to find it, but the best \npossible solution will be the one that is effective and the one \nthat does not do more harm than good and start to make \nimpediments, and again, industry could solve much of this \nproblem if they would get it done so that you would not be \nhaving to try to get it done through legislation, which \ninvariably, because of the speed of this industry, the \nlegislation will always be behind.\n    Senator Wyden. My time has expired. My only point is that \nwhen you have the real scofflaws, when you have the real bad \nactors, those are not people who are paying attention to what \nindustry self-regulatory initiatives are all about, and that is \nwhy we have got to move, and we have got to move quickly, and I \nthink we ought to have your input, but Mr. Chairman, I hope \nthat this effort to have 45 more days and more discussion will \nnot turn into something that is so prolonged that we cannot get \naction on it. We have had a lot of years of studying it, and I \nthink we ought to get moving, and I thank you for the time.\n    The Chairman. Senator Cantwell.\n\n               STATEMENT OF HON. MARIA CANTWELL, \n                  U.S. SENATOR FROM WASHINGTON\n\n    Senator Cantwell. Thank you, Mr. Chairman. 
I know this \nCommittee and my colleagues here today have spent a great deal \nof time working on this issue, as the FTC has, on trying to \nenforce and crack down on the individuals, and I am anxious to \nhear from our second panel as well, because I think we are \ngoing to hear some interesting comments from them, because I \nthink the industry is being very much impacted by this as well.\n    There are people who very much count on having a \nrelationship with online consumers, and that relationship is \nbeing damaged by the perpetrators of spam, so I think everybody \nis interested in moving forward. Why not focus more narrowly on \none particular aspect of this issue, which is harvesting.\n    I know my colleagues here have language in their \nlegislation, but why not, as a first step, something that we \ncan all have consensus on, and we know that there are \nperpetrators of spam, either autogenerated by computers, or \npeople who are actually harvesting names that are available \nonline from various websites. Why not crack down on that right \naway, and focus on the anti-harvesters as a key component?\n    Mr. Swindle. Senator, I personally think the clandestine \ncapturing of e-mail addresses and then turning around and using \nthem is an abominable act. 
It is commonplace, we all know that, \nand perhaps we need to look at it in terms of saying you cannot \ndo this, but again, we get back to how do we enforce it, how do \nwe find those who do it, because from a technology standpoint, \nit is fairly well concealable, but again, it is just one small \nelement of this whole problem that we need to keep working and \nneed to be getting industry to step up and tell us, number 1, \nhow to solve the problem with technology, and number 2, we are \nnot going to do this any more.\n    I have a good friendship with a member of industry that was \ntelling me when he took over the company, and it is a fairly \nbig company, he said that he found out that one of the \npractices of the company was, when they got e-mail addresses \nthey sold them, and he asked, why are you doing that, did you \nask for permission. They said, no. He said, we are stopping \nthat right now. That is the kind of leadership we need.\n    Senator Cantwell. We have had a lot of discussion, I am \nsure, in the last couple of years about what those \nrelationships are and what businesses have the right, in \nvarious types of marketing, what relationships they can extend \nto some of their partners, but in this notion of anti-\nharvesting legislation, being specific, that you cannot \nautogenerate or cannot take names that you have gotten from \nother places online and e-mail them, and then going back to \nthose, and I know it is not obvious who all of these entities \nare, but with a little investigation you can find them. If that \norganization cannot prove that they have a prior business \nrelationship with that name, then they would be guilty of \nhaving harvested it. 
It is a more simple framework of saying \nthat there are people--you know, we have had all this debate \nabout opt in and opt out, and we can continue to have it, or \nwhat is the right framework, and how do you make the penalties, \nbut I think 90 percent of the people would agree on the anti-\nharvesting aspect.\n    Mr. Thompson. I think that would be helpful.\n    Mr. Swindle. I think it is a legitimate approach. I would \nask for consideration to how you define existing relationship, \nbecause some of the definitions of it I have seen, you could \ndrive a Mack truck through them. You almost have an existing \nrelationship just because you exist, and that needs to be \ncarefully thought of, because, again, I made a statement in my \nopening remarks that the laws of legislation that will tend to \nfavor larger firms over smaller firms is not a good idea in my \nmind, that I think some of the larger firms will have the \ncapacity to drive trucks through large holes.\n    Mr. Thompson. I think it would be helpful. I think it is an \nelement, but I think it is only one element. I know that this \nCommittee has been particularly concerned about how to deal \nwith protecting what consumers\' interests are. I think it is \nimportant, though, that we also manage their expectations. I \nthink that this is one element, but I think there are other \nparts of the problem that need to be addressed, too, and I \nthink that a well-crafted legislation should have various \npieces, because there is not one single answer to this problem.\n    Senator Cantwell. Well, I think that that is--I agree with \nthat, but I think focusing on the most egregious issues is \nimportant for us to do, too. If we are not going to move \nforward on the whole framework, let us make progress on the \nmost egregious side of the equation.\n    And Mr. 
Swindle, I just wanted to clarify when you were \ntalking about that example, you were talking about--with \nMicrosoft, you were talking about seeing a pop-up message, \nright? You were not talking about somehow someone e-mailed you \nan additional message?\n    Mr. Swindle. I am going to use the term that is alien to \nMicrosoft, I guess, Instant Message, which I guess belongs to \nAOL, but right in the middle of the screen a message.\n    Senator Cantwell. I know what you are referring to. So are \nyou saying that you lump that in with--I am not saying it might \nnot be a rude behavior, and one that the consumer----\n    Mr. Swindle. It is spam.\n    Senator Cantwell. How are you defining it as spam?\n    Mr. Swindle. It was a commercial notice placed on my screen \nwithout me being able to control it, not knowing it was there. \nI found out how to control it and cut it off, and I have not \ngotten any more, but it would have been nice if Microsoft told \nme, hey, Orson, thank you for buying the new computer and \ngetting our software. By the way, our instant messenger service \nis on, and you are going to be receiving messages from us, and \nif you do not want it on, just do this and turn it off. They \ndid not give me the courtesy of doing that. The message \nbasically said, if you do not want to receive things like this, \ngo to a website and you can get instant message blocker, or \nsomething like that. It was advertisement, pure, unadulterated \nadvertising.\n    Senator Cantwell. Well, and I certainly think that there \nare issues about what should be, once you have installed \nsomeone\'s software, what capabilities they should have in \ncontinuing to communicate to you, and that should be clear to \nconsumers and you should give them options.\n    Mr. Swindle. Give me the power to turn it off, to say no--\n--\n    Senator Cantwell. Right. Exactly.\n    Mr. 
Swindle.--that is all I ask, and they should have done \nthat and they did not do it, and I find it interesting, they \nare now promoting how they are going to stop spam, and by their \nown practices, they are sending me spam.\n    Senator Cantwell. Well, I do not know that Microsoft is, \nbut----\n    Mr. Swindle. An associate.\n    Senator Cantwell.--I think that it is a related issue, the \nsoftware functionality, and giving consumers obviously the \nability to turn off and turn on, and to be asked permission is \na very key point, but I would try to keep that as a related, \nbut separate issue to this notion of that then comes into your \ne-mail queue from a variety of people that are generating.\n    Mr. Swindle. I was looking at my e-mail and blanking over \nmy inbox----\n    Senator Cantwell. Your screen.\n    Mr. Swindle.--was this spam message. It cannot be called \nanything other than that.\n    The Chairman. Thank you, Senator. It is time----\n    Senator Cantwell. Thank you. Thank you, Mr. Chairman.\n    The Chairman. The Senator from Washington\'s time has \nexpired. Thank you.\n    Thank you very much, Commissioners. I appreciate your time \nand your input, and I will look forward to your comments on the \nMicrosoft recommendations. The sooner you can get those to us, \nthe better. Thank you.\n    Our next panel is Mr. Ted Leonsis, the Vice Chairman of \nAmerica Online; Mr. Enrique Salem, President and CEO, \nBrightmail; Mr. J. Trevor Hughes, Executive Director, Network \nAdvertising Initiative; Mr. Marc Rotenberg, Executive Director, \nElectronic Privacy Information Center; and Mr. Ronald Scelson, \nwho is of Scelson Online Marketing. I welcome you. I appreciate \nyour patience, and I apologize for the delay, which has been \ncaused by votes on the floor. Mr. Leonsis, welcome. It is a \npleasure. Please proceed.\n\n           STATEMENT OF TED LEONSIS, VICE CHAIRMAN, \n      AMERICA ONLINE, INC. AND PRESIDENT, AOL CORE SERVICE\n\n    Mr. Leonsis. 
Thank you, Mr. Chairman. Chairman McCain, \nMembers of the Committee. On behalf of America Online and our \n35 million worldwide members, I would like to thank you for the \nopportunity to testify before the Committee on the issue of \nunsolicited commercial e-mail. My name is Ted Leonsis, and I am \nVice Chairman of America Online and President of the AOL Core \nService, and as one of the early pioneers in this industry, I \nam here today because I believe this issue is the most \nimportant matter that is facing us today, and that is not a \npersonal opinion. That comes directly from the hearts and minds \nof our members.\n    I would also like to thank the fellow panelists for being \nhere today, especially FTC Commissioners Orson Swindle and \nMozelle Thompson for hosting a very timely workshop on spam \nearlier this month, and you will enjoy the tapes. It was at \nthat forum where we made an announcement that to me was a \nshocking reflection of how bad things had truly gotten when it \ncomes to the online medium that we helped to create, and the \nrising tide of spam.\n    On April 30, we announced that our company was blocking up \nto 2.4 billion spam e-mails in one day from being delivered to \nour members. That amount is double the number of spam e-mails \nwe had blocked in one day from just 8 weeks earlier, on March \n5, and over four times the amount of spam we blocked since \nearly December.\n    On a yearly basis, and this is mind-boggling, that means we \nare now blocking almost 24,000 spam e-mails from going to each \none of our members\' e-mail inboxes.\n    And to give you some more context, if a standard business-\nsize envelope represented each spam e-mail we were blocking, \nand every day, every single day you laid those envelopes end to \nend, they would stretch around the earth four times and then on \nto the moon, but this is more than just sheer raw numbers. 
\nThere is raw anger that spam generates from our members that \nhas forced us and me personally to declare that the worst \nspammers are public enemy number 1, and we now know that \ncanning the spam remains the priority, number 1 issue for \nonline consumers today, and our members tell us, they go out of \ntheir way to tell us how much they hate spam every day on our \nservice.\n    We put a report spam button on our AOL software that came \nout in the fall and today more than 9 million receipts will \ncome from our members. They are forwarding spam to help us \nblock more and more of it right at our servers. Those are more \nthan 9 million individual pleas from our members for action on \nspam, and as far as I am concerned, we are hearing them loud \nand clear, but even though our members are reporting more spam \nto us than ever before, and even though we are blocking more \nspam from getting to our members than ever before, it is \nclearly not enough to stop the rot of the e-mail tool that has \nbecome so central to our people\'s daily online lives, and that \nis why we are all here today. We really need your help.\n    We are not just at a crisis period, but we are at a point \nnow where the very tool that is the core communication point in \nthe online world is under attack. In short, we are witnessing a \nserious threat to consumer confidence in the e-mail function, \nand if that happens, it will lead to an erosion of faith in the \nonline medium in general, and that would be a crime. That is \nwhy we applaud everyone here for stepping forward. You would \nhave had and will continue to have a very critical and timely \nrole to play in the effort to eradicate this scourge of spam.\n    This is an issue that begs for attention but more \nimportantly begs for action. We recognize better than anyone \nthat there is no silver bullet that is going to kill spam on \nthe Internet. 
It is everywhere, and no one owns the spam \nproblem and no one will have the solution. We are in this \ntogether, Government, our competitors, our consumers, the \nentire industry. Every constituent that is online this matters \nto, and we are responding in AOL forcibly and comprehensively \nto the spam attack and believe we are rising to the occasion to \ndefend our members in five key areas, and these are all pillars \nof our plan to battle against spam.\n    First, we are and will continue to invest in providing the \nvery best software tools to empower members to fight back \nagainst spam and spammers, such as the report spam button in \ncustomizable mail controls on our 8.0 software. 100 days after \nthat announcement, we released a new version of our software \ncalled 8.0 Plus, and made it very easy for our members to move \ninto a mode where they would only receive e-mail from people \nthat they knew, so we have listened to the FTC and that \ncapability is already built in.\n    Second, we are constantly updating and strengthening the \nanti-spam filters that we own and operate at our server level, \nand we use our daily member feedback to do so. They are \nproviding us with the lists, and we are listening and \nresponding technically.\n    Third, we are working with State and Federal-level \npolicymakers to ensure that the public laws stay abreast of and \ninvolved with the ever-changing, even more complex nature of \nspam.\n    Fourth, we are playing offense legally. 
We have filed civil \nlawsuits against over 100 individuals and corporations who spam \nour members, and we are raring to go to do it with more.\n    And fifth, we are working across the industry with key \nstakeholders such as Earthlink, Yahoo, and Microsoft, no small \nfeat for AOL to do, in an effort to share resources, \ncollaborate on technical solutions and set industry guidelines \nto beat these spammers, but even with all that, right now it is \nnot enough, and so we are constantly seeking to advocate newer, \ntougher weapons against what I like to call the leadership \ntargets in this war on spam, and that is where I believe you \nand Congress can step in with strong anti-spam legislation.\n    We need bigger mallets in this online version of Whack-a-\nMole that we are playing to go after the worst spam offenders, \nnamely the outlaws and the kingpins of the spam world, and I am \ntalking about those spammers who systematically and \nperseveredly send spam using fraudulent and invasive methods, \nthose who mislead, lie, and falsify with disdain and disregard \nfor any law or measure of decency. They need to get what they \ndeserve, criminal penalties, felony counts, and jail time.\n    I pointed to the recently unveiled Virginia anti-spam law, \nwhich is now the toughest in our nation, and the criminal \npenalties it contains, as well as the asset forfeiture \nprovision as to a good starting point for Federal action.\n    At the same time, we cannot allow these spam evildoers to \nrepresent in any way appropriate, legitimate, and practical \nmarketing via e-mail. That is why, in addition to the remedy I \njust mentioned for outlaw spammers, we would all like to see a \nFederal bill established of rules of the road on the Internet \nfor marketers who legitimately communicate online with \nconsumers.\n    If there is ever an idea whose time has come, it is \nstronger, meaningful anti-spam legislation with this two-\npronged approach. 
Give law enforcement the tools to seek \ncriminal and felony penalties against the very worst offenders \non spam, and let the good practitioners of e-mail marketing be \nguided by a set of standards that we will all abide by.\n    I know this is a tall order, but we will continue to play \nour part and invest and do our best to innovate and constantly \ngive our members better anti-spam tools, seek more and more \ntechnological solutions, make our anti-spam filters even better \nso we can block more spam, and also work across the industry in \na collaborative and cooperative way without regard to \ncompetitive boundaries. I am calling for us to work together in \na multifaceted way in a more comprehensive approach, but we \nreally need all of you by our side every step of the way. Do \nnot let the spammers get away with it, and we have to act now.\n    We are so pleased that Senators Burns and Wyden have taken \nsuch a strong and active interest in this issue, and we look \nforward to continuing to work with them and other Members in \ncrafting legislation that will really help. I thank the \nChairman and Members of the Committee.\n    [The prepared statement of Mr. Leonsis follows:]\n\nPrepared Statement of Ted Leonsis, Vice Chairman, America Online, Inc. \n                    and President, AOL Core Service\n    Chairman McCain, Senator Hollings, and members of the Committee, on \nbehalf of America Online, Inc., I would like to thank you for the \nopportunity to testify before the Committee on the issue of junk e-\nmail--or ``spam.\'\' My name is Ted Leonsis, and I am Vice Chairman of \nAmerica Online, Inc. and President of the AOL Core Service.\n    I would like to tell you a little bit about the nature of the spam \nproblem and its effect on ISPs and Internet users, as well as some of \nthe things that AOL is doing--along with our other industry \ncolleagues--to help address this issue. 
But first, I would like to \ncommend you for holding this hearing and taking a forward-looking \napproach to the spam problem at such a critical time. We believe that \nthere is a strong and important role for government to play on this \nissue, and we are anxious to work with you to find a solution to this \ncrisis.\n    Spam is one of the biggest problems facing Internet users and \nInternet service providers (ISPs) today. Junk e-mail clogs the arteries \nthat carry communications across the Internet--misappropriating the \nnetwork and resources of ISPs, and negatively affecting the online \nexperience of Internet users. And because junk e-mailers do not bear \nmost of the costs of sending their millions of messages, consumers and \nISPs must shoulder the majority of the expense and burden of handling \nspam. Moreover, much of the mail contains objectionable or misleading \nadvertisements. Consumers are being bombarded with offensive, \ndeceptive, annoying e-mail; and legitimate commercial e-mail that \nconsumers might want to read is being lost in a sea of junk. Clearly, \nspam is a significant business and consumer issue that needs to be \naddressed.\n    While spam has caused problems for ISPs and consumers for years, it \nhas grown exponentially in recent months. Spam now accounts for 60-80 \npercent of all mail coming in from the Internet to AOL members, and AOL \nestimates that the overall volume of spam is doubling at least every \nfour to six months. Spam is costing U.S. businesses in excess of $10 \nbillion annually, clogging the Internet and overwhelming e-mail service \nproviders (see Ferris Research at www.ferris.com). For everyone in the \nonline world, spam is a burden that has reached crisis proportions--and \nit\'s only getting worse.\n    Fighting spam has become a serious quality of life issue for \neveryday consumers. 
At AOL, we\'re listening to our members and have \ndeclared spammers to be ``Public Enemy #1.\'\' AOL has taken a number of \nimportant steps over the past few months to fight back against spam, \nbasing our actions on the complaints and concerns of our members.\n    First, we have deployed strong technologies across our network to \nblock and filter spam. Our anti-spam filters are now blocking up to 2.4 \nbillion pieces of unwanted mail per day, which means we are stopping \nalmost 70 spam e-mails per account per day from landing in the e-mail \ninboxes of our members. And we\'ve fine-tuned technology that stops spam \nbefore it happens by preventing spammers from gathering--or \n``harvesting\'\'--e-mail addresses from AOL areas.\n    Second, we\'re enlisting our members in this fight by giving them \nnew tools that make it easier than ever to block spam and report \nspammers. Our popular ``Report Spam\'\' button has resulted in a dramatic \nincrease in the amount of spam being reported directly to AOL by its \nmembers--we now receive upwards of 9 million reports of unwanted e-mail \nper day. AOL\'s Mail Controls are easy to use and allow our Members to \nblock e-mail from specific mail addresses or entire domains, or to create \na ``permit list\'\' of addresses from whom they will accept mail. We\'re \nalso providing our members with important consumer safety tips that can \nhelp them reduce spam and improve the security of their online \nexperience--particularly in the broadband environment, where it is \ncritical that consumers know how to protect themselves in the world of \n``always-on\'\' high-speed connections.\n    Later this year we will introduce new spam identification tools \nthat will be personalized for each member, so members can decide for \nthemselves what is unwanted mail. And we will strengthen our already \npowerful Mail Controls, offering more ways to stop spam before it reaches \nthe inbox. 
In addition, AOL will--in keeping with our longstanding \ncommitment to providing strong Parental Controls--take special steps to \nhelp provide kids on AOL with a safe, spam-free experience.\n    In addition to the technology tools we use and provide to our \nmembers, we\'re also joining with other ISPs in waging war against \nspammers in court. Just recently, AOL filed lawsuits against over a \ndozen companies and individuals responsible for sending 1 billion spam \ne-mails to our members. We\'ve taken more than 100 individuals and \ncompanies to court over the past few years, resulting in millions of \ndollars in monetary penalties against spammers. We\'re supportive of the \nactions that Earthlink and other ISPs have taken to fight spam on the \nlegal front, and we look forward to finding new ways that industry can \nwork together to bring spammers to justice.\n    We\'re also building alliances with others in our industry to think \ncreatively and constructively about how to craft and implement real \nsolutions to the spam problem. Just last month we joined with Microsoft \nand Yahoo! to announce a commitment to work together and with other \nindustry stakeholders to combat spam. The group will initiate an open \ndialogue to drive the development of open technical standards and \nindustry guidelines that will help fight spam, as well as discussing \nways to cooperate with law enforcement efforts against large-scale \nspammers.\n    And finally, we\'re working with policymakers to support efforts to \nreduce unwanted e-mail. For example, we worked with Virginia \nlegislators, the Attorney General, and the Governor to get a tough new \nlaw enacted in Virginia earlier this month that would provide criminal \npenalties for spammers who send junk e-mail by fraudulent means. 
We \nwere also honored to participate in the spam workshop sponsored by the \nFTC several weeks ago, which served as a lively forum for debate and \ndiscussion about the complexities of the spam problem and how it can be \naddressed.\n    Yet despite these efforts, spam remains a problem for service \nproviders and their customers, particularly because many spammers use \nfraudulent transmission tactics--such as forging e-mail addresses and \nInternet domain names--to circumvent filters that are designed to allow \nISPs to manage their mail load and empower consumers to exercise \nchoice. In fact, we believe that these ``outlaw spammers\'\' (those who \nengage in fraud) are the primary cause of the overall spam problem.\n    The ``outlaw\'\' spam problem includes: 1) e-mail that is sent using \nfalsified means of technical transmission; 2) e-mail sent using hacked \ne-mail accounts; and 3) e-mail sent by spammers who intentionally abuse \nlegitimate e-mail service providers by registering for multiple e-mail \naccounts or domain names using a false identity for the sole purpose of \ntransmitting spam. ``Outlaw\'\' spam has increased alarmingly in the past \nyear, and we believe that this dramatic growth underlies the \nastonishing increase in overall spam volume. These spammers are \nhijacking the computer resources and bandwidth of private consumers and \nbusinesses large and small, threatening to overwhelm the entire online \nmedium.\n    With the spam problem reaching crisis proportions, we believe that \ngovernment can play a strong role in helping fight spam--both through \nincreased enforcement efforts and through the enactment of new laws to \ntarget spam. AOL believes that Federal legislation can serve two \npurposes in helping to fight spam. First, it can help set baseline \nrules of the road for legitimate marketers who use the e-mail medium to \nreach consumers. 
Such rules, combined with industry standards and new \nspam-fighting technologies developed by relevant stakeholders, will \nhelp to ensure that marketers use e-mail responsibly and will also \nprovide legitimate businesses with some clarity regarding the legal \nobligations governing their marketing operations.\n    Second, we believe that government action is critical to deterring \n``outlaw\'\' spammers. Strong and effective laws--including tough \ncriminal penalties--must be put in place to pursue and prosecute \nspammers who use fraudulent transmission tactics. The newly amended \nVirginia Computer Crimes Act is an example of a law that gives ISPs and \nlaw enforcement powerful tools for fighting ``outlaw\'\' spam. The Act \ncalls for enhanced criminal penalties if, for instance, spammers employ \nminors to send spam or derive significant revenue from sending large-\nscale spam. This statute provides another way for law enforcement and \nservice providers to take direct aim at ``outlaw\'\' spammers, using the \nlaw to put them out of business.\n    We hope that Congress will follow Virginia\'s lead by enacting \nlegislation that will target ``outlaw spam\'\' by imposing stiff \npenalties on spammers who engage in techniques of fraud and \nfalsification. Such legislation is needed not only to stop existing \nabuses, but also to safeguard new e-mail technologies that outlaw \nspammers may try to circumvent. We are pleased that many Members of \nCongress--including Members of this Committee--have taken an interest \nin the spam problem and are working to advance legislative solutions.\n    In the meantime, AOL is committed to maintaining a leadership role \nin the fight against spam. The goodwill and trust of our members \ndepends on our continued focus on developing solutions to this problem. \nAOL will continue to pursue strong enforcement actions and innovate \nour spam fighting tools--putting our members in even greater control. 
\nBut ultimately, we believe the spam battle must be fought on many \nfronts simultaneously in order to be successful. From technology to \neducation, from legislation to enforcement, industry and government can \nwork together to reduce spam significantly and give consumers control \nover their e-mail inboxes.\n    We applaud the Committee for examining this issue at such a \ncritical time, and we look forward to working with you and other \nlawmakers to stop spammers in their tracks.\n    Thank you for the opportunity to testify; I am happy to answer any \nquestions you may have on this topic.\n\n    The Chairman. Thank you. Mr. Salem, welcome.\n\n STATEMENT OF ENRIQUE SALEM, PRESIDENT AND CEO, BRIGHTMAIL INC.\n\n    Mr. Salem. Thank you, Mr. Chairman and Members of this \ndistinguished Committee, for allowing me to address you on this \ntopic of unsolicited commercial e-mail, often referred to as \nspam. I am Enrique Salem, Chief Executive Officer of Brightmail \nIncorporated. Today, our software processes approximately 10 \npercent of the world\'s Internet e-mail for our customers. E-\nmail has become a ubiquitous form of communication for \nbusinesses and personal use. Spam is flooding our inboxes and \nit is threatening the viability of e-mail as a communication \ntool. It undermines consumer confidence and threatens the \nfuture of e-mail and online commerce.\n    The growth curve of spam has been steep over the last 5 \nyears. Brightmail has seen an increase of more than 900 percent \nin the number of unique spam attacks per month, dating from \nApril 2001 to April 2003. Attacks can have anywhere from 10 to \ntens of millions of messages that span a few hours to many \ndays. 
Over the same period, the amount of unsolicited \ncommercial e-mail has increased from a few messages to \napproximately 46 percent of all Internet e-mail, and that is a \nconservative number.\n    The numbers are actually growing very, very rapidly, and we \nbelieve that by the end of this year, it will be more than 50 \npercent. The current volume of spam being sent has a \nsignificant cost to ISPs and businesses. Spam is currently the \nnumber 1 complaint for many ISPs, and is negatively impacting \ncustomer satisfaction while driving support costs and \ninfrastructure costs.\n    On the business front, a recent report from Ferris Research \nestimates that spam costs U.S. businesses $10 billion a year in \nlost productivity, bandwidth, and storage costs. Businesses \nface an additional liability by allowing offensive and \nfraudulent content to reach employees. Adult content has \nincreased more than 170 percent in the last 12 months. Unlike \ntraditional direct mail or telemarketing, e-mail marketing has \na very low marginal cost. As a result, despite extremely low \nresponse rates, spammers can make a profit. The more e-mails a \nspammer can send, the greater his profit, while costs remain \nnearly constant.\n    The Internet does not know geographic boundaries. 90 \npercent of the spam hitting our probe network is untraceable, \nor uses some form of deception to hide its origin. In many \ncases, this is accomplished by sending the mail through \nunsecured open relays and open proxies that are spread out \nacross the world. Of the 10 percent that is traceable, 60 \npercent claims to be from Europe, with 16 percent claiming to \nbe from Asia.\n    Spammers will continue to use deceptive techniques to evade \nfilters. We are starting to see an increasing amount of \ncorporate identity theft, where spammers send mail using well-\nknown brand names in an attempt to evade filters and reach user \ninboxes. 
A consequence of this technique is that less dynamic \nspam filters can blacklist legitimate corporate domains in a \nmisguided attempt to fight spam.\n    The sheer volume of spam is also having a direct impact on \nlegitimate direct marketers. The messages are being lost in a \nsea of spam. Overzealous filters now block an increasing amount \nof legitimate mail. In many cases, it is inappropriately \ndeleted or placed in a bulk mail folder, which reduces the \nresponse rates to legitimate marketing campaigns. It is \nimportant to note that spam is invading other forms of \nelectronic communication, including Instant Messaging and \nwireless devices. One only needs to look at what has happened \nin the international wireless markets to see that spam has \nbecome a very serious problem on cell phones, such as in Japan \nand on the NTT DoCoMo Network. We should not exclude these \nother valuable communication tools from consideration, because \nthe same problems affecting e-mail today will soon affect these \nother forms of communication.\n    I am here to tell you we will solve the spam problem. The \nsolution will require strong legislation, cooperation between \ndirect marketers, ISPs, and technology providers. It will \nrequire legislation, but there are limits to what laws alone \ncan do. Strong laws can serve as a deterrent to spammers. We \nneed Federal laws that prohibit deception in e-mail headers. \nThere also needs to be a valid way to opt out, but we still \nneed to define what it means to opt out. What are we opting out \nof? We need to prohibit the sale of tools to harvest e-mail \naddresses, as well as the sale of e-mail lists that have been \ninappropriately created.\n    Beyond spam filtering, technology will be required to \nidentify legitimate e-mail. 
There will need to be a set of best \npractices and guidelines defined and managed by industry \ncoalitions that are followed by legitimate direct e-mail \nmarketers, allowing us to more effectively block spam and \nallowing legitimate mail to be successfully delivered, \npreserving e-mail as a viable communications tool.\n    Thank you for the opportunity to comment and participate in \nthis important discussion.\n    [The prepared statement of Mr. Salem follows:]\n\nPrepared Statement of Enrique Salem, President and CEO, Brightmail Inc.\nSpam Problem Overview\n    E-mail has become a ubiquitous form of communication for both \nbusiness and personal use. With e-mail has come spam. Today, spam is \nspreading in such staggering amounts--flooding both corporate and \npersonal inboxes--that it now threatens the viability of e-mail as a \nprimary communication tool. Unsolicited commercial e-mail (UCE), \ncommonly known as spam, has reached epidemic proportions. Analyst firm \nIDC currently estimates that 7.3 billion pieces of spam are sent each \nday with 3.9 billion of those sent in North America.\n    The growth curve has been steep. Over the last 5 years, we have \nseen the amount of unsolicited commercial e-mail increase from a few \nmessages to approximately 46 percent of all Internet e-mail. Brightmail \npredicts that by December of 2003 spam will become more than 50 percent \nof all Internet e-mail. It has become a serious problem for Internet \nService Providers (ISPs), businesses and individuals.\n    Unlike direct mail or telemarketing, e-mail marketing has very low \nmarginal cost. As a result, despite extremely low response rates, \nspammers can make a profit fairly easily. The more e-mails a spammer \ncan send, the greater his profit, while the cost remains nearly \nconstant. Bulk e-mailers are sending between 80 and 100 million \nmessages a day. 
This both explains the alarming growth rate of spam and \nmakes it more frightening--there is no financial disincentive for \nflooding the Internet with more and more spam.\nCosts to ISPs and Businesses\n    A recent Gartner Group study on spam estimates that spam costs an \nISP with 1,000,000 users $7 million per year. Spam is currently the \nnumber one complaint for many ISPs and is negatively impacting customer \nsatisfaction while driving up support and infrastructure costs. \nBusinesses are also not immune from the costs. A 2003 report by Ferris \nResearch estimates that spam costs U.S. businesses $10 billion/year in \nlost productivity alone. Businesses must also add additional storage \nand bandwidth to handle the increase in e-mail traffic due solely to \nspam. Lastly, businesses face an additional liability--allowing \noffensive and fraudulent content that is often a part of spam to reach \nemployees. Adult content has increased more than 170 percent in the \nlast 12 months and scams have nearly doubled in the same time period. \nThese are concerns that go beyond the IT department and into the human \nresources arena.\nCosts to Direct Marketers\n    Another significant consequence of the sheer volume of spam being \nsent is that overzealous filtering attempts are now blocking an \nincreasing amount of legitimate mail. In many cases it is improperly \ndeleted or placed in a bulk mail folder reducing the response rates to \nlegitimate marketing campaigns.\nSpam is a large and growing problem\n    As seen in Chart 1 below, Brightmail has seen an increase of more \nthan 900 percent in the number of unique spam attacks/month from April \n2001 to April 2003. A spam attack is a unique grouping of messages \nbased on their content--for example, Herbal Viagra. Spammers will \ninject random content into each message to attempt to confuse filters \nby making each message that they send appear to be different. 
Attacks \ncan have anywhere from ten to tens of millions of messages and can last \nfrom a few hours to many days.\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\nChart 1\nSpam is becoming increasingly offensive or fraudulent\n    As noted in Charts 2 and 3 below, from April 2002 to April 2003, \nBrightmail has seen ``adult\'\' spam increase by more than 170 percent \nand spam categorized as ``scams\'\' nearly double. These offensive e-\nmails are troublesome and costly for consumers as well as for \nbusinesses.\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\nCharts 2 & 3\nSpam is threatening the viability of e-mail\n    As seen in Chart 4 below, over the past two years, both spam and e-\nmail have grown. However, spam comprises a greater and greater \npercentage of the total amount of e-mail that is sent each year, which \nis threatening the viability of e-mail as a communications tool.\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\nChart 4\n\nSpam is an International Problem\n    Much of the spam reaching U.S. inboxes is routed through other \ncountries. The majority of spam is untraceable (90 percent), but of \nthat spam that does claim to come from a certain region of the world, \nthe majority comes from Europe--with the Russian Federation comprising \n10 percent--and Asia--with China leading Asia. A key point to make is \nthat even if a spam message claims to originate in China, it very well \ncould have originated in North America or somewhere else. This point \nhas implications as we consider the impact of various state and Federal \nspam legislation.\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\nChart 5\nTracking Spammers is difficult\n    Spammers often obfuscate their true location by enlisting open \nrelays or proxy servers throughout the world. 
Trying to track down the \ntrue origin of a known spam message is often quite difficult, as \ndemonstrated in Exhibit 1 below.\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\nExhibit 1\n\nUse of Open Proxies\n    Spammers aggressively use technology to hide their tracks. A \nperfect example is the growing use of open proxies; open proxies are \nmisconfigured servers that allow spammers to generate large volumes of \ne-mail that are not easily traceable to the actual sender. There are \nmany thousands of open proxy servers available to spammers at any given \ntime and a great deal of spam flows through these servers--both in the \nU.S. and overseas.\nChanging Techniques to Reach Inboxes\n    Spammers have moved beyond simple text-based e-mail to entice end-\nusers to click through. One such technique is using HTML-based e-mail. \nAn example of a recent HTML-based spam message appears to the recipient \nas follows:\nExhibit 2\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\n    When in reality, the HTML code behind this seemingly benign image \nis collecting valuable information for the spammer.\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\nSpam Can Lead to Digital Identity Theft\n    Spammers also employ well-known brand names in an attempt to get \nend-users to open e-mails. Not only does this perpetrate the spam \nproblem, it also does considerable damage to the reputations of \ncompanies.\n    We see spam from global corporations that was actually sent out by \na spam shop halfway around the globe. These innocent corporations face \nmore than the wave of bounced messages and angry responses from the \nspammed. This type of corporate identity theft can severely damage a \ncompany\'s worldwide brand since spammers have global reach.\n    Additionally, some misguided attempts to fight spam result in \nbuilding blacklists that often include the domain names of these \nvictims of domain identity theft. 
These blacklists further the damage \ndone by the open relays and falsified headers of spammers when \nsubscribers to these blacklists can no longer receive e-mail from the \nlegitimate enterprises. Domain names are an intrinsic part of a \ncorporate brand. The theft of these names for mass mailing of \nunsolicited e-mail has hurt some companies already and the trend may \ngrow in the months and years ahead.\n    Corporations have a responsibility to their employees and \nshareholders to take measured steps in securing their messaging \nsystems. In fact, as liability cases do make their way into the courts, \nthe extent to which corporations can demonstrate that they made ``best \nefforts to protect against spam\'\' will have a large bearing on the \noutcomes.\n    In the header information in Exhibit 3 below, a spammer has used \ntwo well-known company names to trick the recipient into thinking that \nthe e-mail is from a trusted source, when in fact it is just an attempt \nto obfuscate the true identity of the sender.\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\nExhibit 3\n\nSpam: Moving Beyond E-mail\nWireless Spam\n    There is a huge impending need for anti-spam protection in the \nmobile/wireless environment. Wireless e-mail produces a unique set of \nthreats from spam, including volume issues when wireless users receive \nlarge amounts of spam. Viruses and worms can harm or temporarily \nparalyze PDA devices or the applications that run on them. Cell phones \nare particularly vulnerable to dictionary attacks done by spammers \nusing phone numbers, with the advent of text messaging and SMS.\n    There is currently more of a need for anti-spam protection for \nwireless devices in foreign markets than in the U.S. The highest risk \nto wireless spam and viruses exists in Asia and Europe, but the need in \nthe U.S. for protection is growing. We can see the future for U.S. \nwireless in overseas experiences as they have adopted wireless \ntechnology more rapidly. 
One way that spam is affecting wireless \ncommunications overseas is by causing carriers to pay back their own \ncustomers for each spam message received. Since carriers like NTT \nDoCoMo in Japan charge for incoming messages, customers were at first \npaying their carrier for the pleasure of receiving and having to delete \nspam from their own devices. Now DoCoMo refunds customers for spam \nmessages received, which is detrimental to DoCoMo\'s bottom line.\n    Additional costs of wireless spam are passed on to end-users. With \nwireless messaging pricing models, wireless users must pay for each \nmessage and, often, each line of content within that message. With \nunwanted messages flooding wireless devices, end-users will no longer \nfind technologies like SMS a viable mode of communication. With the \ncontinued adoption of wireless communications in the U.S. will come a \ndramatically increased need for wireless anti-spam and anti-virus \ntechnology, to protect the end user and the provider\'s bottom-line. As \nwireless adoption continues, spammers will increasingly target wireless \nusers with spam, making for an expensive and very inconvenient dilemma. \nAs spam invades PDAs, cell phones and the like, wireless carriers will \nhave to block spam or face customer churn and costly refunds for \nunwanted wireless spam.\nInstant Messaging (IM) Spam\n    Spam is also infiltrating the desktops of business and home users \nvia another popular communication tool--Instant Messaging (IM). As more \nbusinesses use IM to communicate with business colleagues who are \noffsite or traveling, spam via this route has some of the same negative \nimpacts that it does via e-mail--productivity issues and potential \nliability issues for offensive content that is delivered via IM.\n    Exhibits 4 and 5 below are examples of recent IM spam that were \nreceived by business users. Exhibit 4 offers a common pitch to lose \nweight while Exhibit 5 contains more offensive content. 
Spam via IM is \nof particular concern to parents whose children use IM to communicate \nwith friends.\n\nExhibit 4\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\nExhibit 5\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\nImpact of Current Spam Legislation\nState Legislation\n    As of April 2003, twenty-nine (29) states have spam control laws. \nIn July 1997 Nevada became the first state to enact spam control \nlegislation (law amended in 2001 and 2003). Nevada law states that it \nis illegal to send unsolicited commercial e-mail unless it is labeled \n``ADV\'\' or ``ADVERTISEMENT\'\' at the beginning of the subject line, and \nincludes the sender\'s name, street address, and e-mail address, along \nwith opt-out instructions.\n    Similar spam control legislation was passed in California in \nSeptember 1998. California law currently states that unsolicited \ncommercial e-mail messages must include opt-out instructions and \ncontact information, and opt-out requests must be honored and that \ncertain messages must contain a label (``ADV:\'\' or ``ADV:ADLT\'\') at the \nbeginning of the subject line. Only a small percentage of the messages \nBrightmail processes each month uses these labels, partly because less \nsophisticated spam filters were identifying messages with these marks \nand partly because spammers do not abide by these U.S. state laws since \nthey are not sending spam from these states.\n    Indiana and New Mexico and Virginia are the states to most recently \npass spam related legislation, doing so in April 2003. Virginia\'s \nrecently updated law has received a great deal of attention due to the \nstiff penalties for sending spam from within the state of Virginia, \nincluding giving the authorities power to seize assets earned from \nsending bulk unsolicited e-mail pitches while imposing up to 5 years in \nprison for violators.\n    Have these state laws had an impact on the volume of spam? 
Not \nreally--spam has continued to increase dramatically over the past few \nyears, from being an annoyance to a serious threat to the viability of \ne-mail. Part of the problem has to do with enforcement of the laws--\nthere have been limited number of cases that leverage current state law \ngiven that the burden of proof is often on the recipient and can be a \nheavy burden at best. An example of this heavy burden is the eTracks \ncase that is currently being litigated by a San Francisco-based law \nfirm, Morrison and Foerster LLP. States have limited budgets and those \ndollars are being allocated to enforcing laws that more directly \nimpacts the safety and well being of its residents.\nForeign Spam Legislation\n    We\'ve seen spam legislation enacted in other countries, such as \nJapan where businesses delayed implementing technological solutions in \nhopes that Federal legislation would eliminate the spam problem. The \nlaw, enacted in October 2002, which required unsolicited text messages \nto be tagged, has had little impact on reducing the volume of spam sent \nvia text messaging in Japan.\n    The European Union (EU) has also passed legislation that its member \nstates must comply with by October 2003, which requires that there must \nbe a prior opt-in relationship between a sender and recipient in order \nfor unsolicited e-mail or text messaging to be sent. Some member states \nare already in compliance, but the amount of spam that European e-mail \nusers receive continues to climb. ISPs and European businesses are \nbeing forced to examine technological solutions to the spam problem, \ngiven that legislation is having little impact on the spam problem.\nFederal Spam Legislation\n    There is hope that Federal laws will have the muscle required to \ncombat the growing spam problem. The only current Federal restrictions \non e-mail spam are the general criminal and civil fraud prohibitions. 
\nThe FTC currently works with law enforcement to combat fraudulent e-\nmail scams, but at the moment 56 percent of spam does not fit the legal \ndefinition for fraud, according to a recent study by the FTC, and is \ntherefore beyond current law. Given federal, state, and local law \nenforcement\'s focus on preventing terrorism and their limited \nresources, they simply cannot keep up with spam.\n    However, there are a number of proposals currently in front of \nCongress.\n    These include the Can Spam Act (revised in April 2003) that would \nrequire unsolicited commercial e-mail messages to be labeled, require \nunsolicited commercial e-mail messages to include opt-out instructions \nand the sender\'s physical address, and prohibit the use of deceptive \nsubject lines and false headers in such messages. Additionally, this \nbill would pre-empt any state laws that prohibit unsolicited commercial \ne-mail outright, but would not affect the majority of state spam laws.\n    Another Federal initiative, the Computer Owners\' Bill of Rights (S. \n563) would require the Federal Trade Commission to establish a ``do-\nnot-e-mail\'\' registry of addresses of persons and entities who do not \nwish to receive unsolicited commercial e-mail messages. Additionally, \nthe FTC would be empowered to impose civil penalties upon those who \nsend unsolicited commercial e-mail to addresses listed on the registry.\n    A third proposed law, the Reduce Spam Act, requires that \nunsolicited bulk commercial e-mail messages would be required to \ninclude a valid reply address and opt-out instructions, and a label \n(``ADV:\'\' or ``ADV:ADLT\'\', or other recognized standard \nidentification). These requirements would apply to messages sent in the \nsame or similar form to 1,000 or more e-mail addresses within a two-day \nperiod. 
In addition, false or misleading headers and deceptive subject \nlines would be prohibited in all unsolicited commercial e-mail \nmessages, whether or not sent in bulk.\n    Additionally, New York Senator Charles Schumer is planning to \npropose legislation that would incorporate many elements of other \nproposed legislation but also adds funding for enforcement of the ``do \nnot mail\'\' registry component of his proposed legislation.\n    From our point of view labeling has not helped to solve the \nproblem, as it is a component of current state legislation.\nBenefits and Consequences of Legislation\n    As with other public hazards, legislation can play an important \nrole in the fight against spam. However, the extent of the problems \noften extends beyond state and country borders, preventing legislation \nalone from solving the problem. Consider the parallels in the offline \nworld. While there are many ``laws of the road\'\' for drivers, still the \npublic wants the auto industry to build as many safety features into \ncars as they possibly can. Similarly, while ``Breaking and Entering\'\' \nis a felony crime, homeowners use locks, bars and alarm systems to \nprotect themselves from robbery.\n    While legislation plays an important role in highlighting the \nseriousness of spamming, it is currently very difficult to enforce. \nSpamming is a global problem, with e-mail being routed around the globe \nand with wanton disregard for local regulations. Governments cannot \nimpose regional laws on assailants outside their boundaries. Even when \nlegal authorities can catch a spammer within their jurisdiction, the \nburden of proof can be daunting to prosecuting attorneys.\n    Legislation may help to deter some spammers and provides a \nframework for prosecution and operations of both Direct Marketers and \nanti-spam companies. But, enforcement is key and will prove expensive \nand difficult. 
We need to alert this committee that it is critical to \nset the expectations of the public at the right level as far as the \nreal impact of legislation on the volume of spam received.\n    We believe the solution will involve a coordinated effort by \nInternet Service Providers, Direct Marketers, technology providers and \nlaw enforcement agencies. We will need to establish guidelines that \noutline e-mail best practices. These guidelines will need to be \nfollowed by direct marketers. It will become important to be able to \nidentify legitimate direct marketers and there will need to be \nimprovements in how direct marketers manage their lists.\n                                Appendix\nBrightmail Corporate Overview\n    Brightmail, the worldwide leader in anti-spam technology, provides \nanti-spam software that makes messaging secure and manageable. Founded \nin 1998, Brightmail protects the networks of enterprises, service \nproviders, and mobile network operators by filtering spam, viruses and \nundesired messages at the Internet gateway. Brightmail currently serves \nmany of the largest service providers, including AT&T WorldNet, \nEarthLink, MSN, and Verizon Online as well as leading enterprises that \ninclude eBay, Booz Allen Hamilton, Deutsche Bank, and Cypress \nSemiconductors.\n    In April 2003, across its customer base, Brightmail software \nfiltered over 60 billion messages and protected over 250 million \nmailboxes.\n    Brightmail anti-spam architecture includes a patent protected \n``spam alert network\'\' called the Brightmail Probe Network, a \ncollection of more than a million decoy e-mail accounts. 
It is designed \nto attract unsolicited e-mail and has a statistical reach of more than \n250 million e-mail accounts that provide Brightmail with a unique \ninsight into the changing face of spam throughout the world.\n    Brightmail is backed by world-class investors and partners and is \nheadquartered in San Francisco, CA.\nBrightmail Architecture\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\nProbe Network<SUP>TM</SUP>\n    The Probe Network has a statistical reach of more than 250 million \ne-mail accounts. It consists of millions of decoy e-mail addresses that \nreceive more than 300 million spam messages per month. The data from \nthe Probe Network is used for the real-time creation of anti-spam rules \nthat are propagated to Brightmail customers every few minutes--24 hours \nper day. This patent protected technology is used to provide Brightmail \ncustomers with spam protection from the highly dynamic, ever changing, \nphenomena that spam has become.\n    U.S. Patent 6,052,709 (Apparatus and method for controlling \ndelivery of unsolicited electronic e-mail)\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\nBLOC (Brightmail Logistics and Operations Center)\n  <bullet> Operates 24 hours/day--365 days/year\n\n  <bullet> Employs state-of-the-art tools to identify new spam attacks\n\n  <bullet> Messages are automatically grouped into spam attacks and \n        then rules automatically written against them\n\n  <bullet> QA technicians verify the rules before they are made \n        available\n\n  <bullet> New anti-spam rule updates every few minutes\n\n  <bullet> Rules are transmitted via a secure conduit (HTTPS)\n<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>\n\n\n  <bullet> Brightmail software is installed at the customer site\n\n  <bullet> Brightmail\'s extensive anti-spam rule set contains filters \n        that automatically block identified spam attacks\n\n  <bullet> Uses sophisticated grouping algorithms and pattern matching \n        to identify and eliminate spam 
as it enters the e-mail gateway\n\n  <bullet> Updated in real-time\n\n  <bullet>  Protection against spam is always current\n\n    The Chairman. Thank you, sir. Mr. Hughes.\n\n  STATEMENT OF J. TREVOR HUGHES, EXECUTIVE DIRECTOR, NETWORK \n                     ADVERTISING INITIATIVE\n\n    Mr. Hughes. Mr. Chairman and Members of the Committee, I \nwant to thank you for inviting me to testify. My name is Trevor \nHughes, and I am the Executive Director of the Network \nAdvertising Initiative.\n    The NAI is a cooperative group of companies, and we are \ndedicated to resolving public policy concerns related to \nemerging technologies. In the past, the group has tackled \nissues such as self-regulatory solutions for online ad \ntargeting and the use of web beacons online. We have now turned \nour focus to the growing problem of spam and to that end, a \ncoalition has been formed within the NAI which is made up of 35 \nleading companies which are e-mail service providers. All of \nthese companies are struggling with the onslaught of spam, as \nwell as the emerging problem related to the deliverability of \nlegitimate and wanted e-mail.\n    Let me tell you a little bit about e-mail service \nproviders. E-mail service providers enable their customers to \ndeliver volume quantities of e-mail messages. These messages \noriginate from the full spectrum of the U.S. economy. Large and \nsmall businesses, educational institutions, nonprofits, \ngovernmental agencies, publications and affinity groups all use \nthe services of e-mail service providers to communicate with \ntheir customers, members, and constituents.\n    While ESPs do serve the marketing needs of the marketplace, \nit is by no means the only customer group served. My members \nprovide and deliver transactional messages such as account \nstatements, airline confirmations, and purchase confirmations. \nThey deliver e-mail publications and newsletters. They deliver \naffinity messages. 
The NAI and the e-mail Service Provider \nCoalition believes that much can be done to solve the problem \nof spam. At the most fundamental level, we believe that we need \nto create accountability within the e-mail delivery system. \nSpammers spend their days concocting new methods to obscure and \nfalsify their identity in order to sneak past existing filters \nand avoid accountability.\n    In many ways, our existing tools are merely reacting to the \nspam that is received today and not preparing for or combatting \nthe spam that will arrive tomorrow. For this reason, we believe \nthat the solution to spam exists in three components, a \nlegislative component, a technological component, and a social \ncomponent. I will address the technological component briefly, \nand then focus on the part of the solution for which we look to \nyou, Federal legislation.\n    Part of the problem in treating the spam epidemic is that \nspammers enjoy the impunity of anonymity. Spammers hide behind \nopen relays, they spoof identities, and they deceive recipients \nwith misleading from and subject lines. Make no mistake, the \nbusiness of spamming is one of fraud and deception.\n    The NAI recently proposed a technological blueprint to \nrespond to this problem. Essentially the blueprint, called \nProject LUMOS, is designed to force senders of volume e-mail to \nincorporate authenticated identity into every message sent. The \nuse of authenticated identity, along with a rating of sending \npractices over time, prevents spammers from hiding behind the \ntechnology of e-mail, and forces all senders to be accountable \nfor their sending practices. 
We have engaged with many of the \nmajor ISPs and other groups on this effort, and we are greatly \nencouraged by the traction our effort has gained since it was \nlaunched 1 month ago.\n    The ESP coalition strongly believes that strong, preemptive \nFederal legislation will be a critical component, but again not \nthe only component in the successful resolution of the spam \nproblem. In the United States today we have 28, and it could be \n29 by now, states that have enacted some form of spam \nlegislation. Unfortunately, the standards and definitions \napplied by these statutes are not consistent. As a result, we \nhave a crazy quilt of different standards that has created an \nunnecessarily complex compliance system.\n    To make matters worse, enforcement within the global medium \nof e-mail is exceedingly difficult when limited by state \nboundaries. We need preemptive Federal legislation to harmonize \nthese standards and provide powerful tools to enforcement \nofficials.\n    We believe that the current spam bill before the Senate, \nthe CAN-SPAM Act, strikes the appropriate balance with regard \nto preemption. The CAN-SPAM Act would allow for a national \nstandard to be set for the delivery of unsolicited commercial \ne-mail. Given the incentives provided within the bill, most \nlegitimate businesses will move to a fully consent-based model \nfor e-mail delivery. This is particularly true where the \nstandards set by the bill will be uniform across the entire \ncountry. To combat spammers, the bill provides strong \nenforcement tools for the FTC, the state Attorneys General, and \nto ISPs. We strongly support enforcement by all of these \ngroups.\n    One issue that has been raised in discussions regarding \nspam legislation and may be raised again is a private cause of \naction. Such a solution, while tempting, would do nothing to \nstop spam. Spammers spend their days looking for ways to \ntechnologically obscure their identity. 
Pursuing spammers \nrequires enormous technological, financial, and investigative \nresources. Individuals do not have such resources, but \nGovernments and ISPs do.\n    We have a very real example of what a private cause of \naction means when included in a spam statute. In the state of \nUtah, a spam statute was passed last year that allows for a \nprivate cause of action in class action lawsuits. A single \nplaintiffs firm in Utah has now filed hundreds and by some \naccounts thousands of class action lawsuits under the statute, \nbut the firm is not pursuing spammers.\n    Given the cost and complexity of finding actual spammers, \nthis firm has targeted leading companies and brands using law \nfirm employees as plaintiffs and seeking out ``gotcha\'\' moments \nas the basis of their complaints. Perhaps most telling is the \nfact that there are no data to suggest that the amount of spam \nin Utah has been reduced by even one message.\n    Another issue that has been raised in relation to spam is \nthat of opt in versus opt out. Over the past few years, our \nindustry has lost critical time debating this issue while spam \nhas been allowed to proliferate. Let me make this perfectly \nclear. This debate, regardless of what standard is eventually \nadopted, will not result in the reduction of spam. A spammer\'s \nstock in trade is in deception. They do not care about whether \nthey have permission from the recipient. They pay no heed to \nall of the existing state laws regarding spam. The most \nrestrictive opt-in statute will do nothing to dissuade spammers \nfrom sending their messages.\n    Again, the NAI is very supportive of the CAN-SPAM Act. We \nwill continue to work with staff over a few technical details \nof the bill, but look forward to seeing a Federal law enacted \nthis year. 
On behalf of the NAI E-mail Service Provider \nCoalition, I want to pledge that we will continue to work to \nfight spam and preserve e-mail with you and the members of your \nstaff.\n    Thank you, and I look forward to your questions.\n    [The prepared statement of Mr. Hughes follows:]\n\n      Prepared Statement of J. Trevor Hughes, Executive Director, \n                     Network Advertising Initiative\nExecutive Summary\n    The NAI is a cooperative group of companies dedicated to resolving \npublic policy concerns related to privacy and emerging technologies. In \nthe past, the NAI has successfully launched self-regulatory solutions \nto online ad targeting, and the use of web beacons. The NAI has now \nturned its focus to the growing problem of spam and the related concern \nof deliverability of wanted e-mails. As part of this effort, a \ncoalition has been formed within the NAI to represent the interests of \ne-mail service providers (ESPs). The E-mail Service Provider Coalition \n(``ESP Coalition\'\') is made up of 35 leading companies--all of which \nare struggling with the onslaught of spam, as well as the emerging \nproblems related to the deliverability of legitimate and wanted e-mail.\n    E-mail service providers enable their customers to deliver volume \nquantities of e-mail messages. These messages originate from the full \nspectrum of the U.S. economy--large and small businesses, educational \ninstitutions, non-profits, governmental agencies, publications, and \naffinity groups all use the services of ESPs to communicate with their \ncustomers, members, and constituents. While ESPs serve the marketing \nneeds of the business community, it is by no means the only customer \ngroup served. E-mail service providers also deliver transactional \nmessages (such as account statements, airline confirmations, and \npurchase confirmations); e-mail publications; affinity messages; and \nrelational messages. 
Within the ESP Coalition, we estimate that our \nmembers provide volume e-mail services to over 250,000 customers.\n    The ESP Coalition sees spam as a threat to the long-term viability \nof the ESP industry. Indeed, spam presents a dire threat to all uses of \ne-mail--marketing, transactional, affinity and relational--as the \ncontinued growth of spam will lead to the widespread abandonment of e-\nmail as a communications tool. Put simply, the spam problem will \ncritically damage the ESP industry if it is not curtailed. Consumers \nand businesses will not use e-mail if the system becomes so choked with \nmisleading and deceptive messages that those messages that are actually \nwanted are lost in the fray.\n    The ESP Coalition strongly supports legislation to respond to the \ngrowing menace of spam. We believe that strong preemptive Federal \nlegislation will be a critical component (but not the only component) \nin the successful resolution of the spam problem.\n    In the United States today, we have 28 states that have enacted \nsome form of spam legislation. Many more are considering spam \nlegislation in their current legislative sessions. Unfortunately, the \nstandards and definitions applied by these statutes (and proposed in \npending bills) are not consistent. As a result, we have a crazy quilt \nof differing standards and definitions that has created an \nunnecessarily complex compliance system. To make matters worse, \nenforcement within the global medium of e-mail is exceedingly difficult \nwhen limited by state boundaries. We need preemptive Federal \nlegislation to harmonize these standards and provide powerful tools to \nenforcement officials.\n    Federal legislation must carefully balance the legitimate use of e-\nmail against the need to respond to spam. E-mail represents one of the \nmost powerful drivers of efficiency and productivity in today\'s \neconomy. 
Our response to spam must take into account and protect the \nwidespread utility of e-mail. Overly restrictive or poorly crafted \nsolutions may end up ``throwing the baby out with the bathwater\'\' and \ndamaging the very tool we hope to protect.\n    The NAI is very supportive of the current spam bill proposed in the \nSenate (the CAN-SPAM Act). While we continue to work on some minor \ntechnical details within the bill--such as the length of time available \nfor processing unsubscribe requests and definitional issues--we are \nencouraged by the fundamental structure and approach taken by Senators \nBurns and Wyden. We feel that this bill endeavors to balance the \ncontinued use of e-mail as a legitimate communications tool with strong \nstandards and enforcement tools to prevent spam.\nTestimony\n    Mr. Chairman and Members of the Committee, I want to thank you for \ninviting me to testify. My name is Trevor Hughes, and I am the \nExecutive Director of the Network Advertising Initiative (NAI). The NAI \nis a cooperative group of companies dedicated to resolving public \npolicy concerns related to privacy and emerging technologies. In the \npast, the NAI has created self-regulatory programs for online ad \ntargeting, and the use of web beacons. The group has now turned its \nfocus to the growing problem of spam and the related concern of \ndeliverability of wanted e-mails. As part of this effort, a coalition \nhas been formed within the NAI to represent the interests of e-mail \nservice providers (ESPs). 
The E-mail Service Provider Coalition (``ESP \nCoalition\'\') is made up of 35 leading companies--all of which are \nstruggling with the onslaught of spam, as well as the emerging problem \nrelated to the deliverability of legitimate and wanted e-mail.\n    Let me begin my testimony by explaining the unique role that e-mail \nservice providers play in the search for solutions to the spam problem.\n    E-mail service providers enable their customers to deliver volume \nquantities of e-mail messages. These messages originate from the full \nspectrum of the U.S. economy--large and small businesses, educational \ninstitutions, non-profits, governmental agencies, publications, and \naffinity groups all use the services of ESPs to communicate with their \ncustomers, members, and constituents. While ESPs serve the marketing \nneeds of the business community, it is by no means the only customer \ngroup served. E-mail service providers also deliver transactional \nmessages (such as account statements, airline confirmations, and \npurchase confirmations); e-mail publications; affinity messages; and \nrelational messages.\n    The ESP industry is robust and growing. Within the ESP Coalition, \nwe estimate that our 35 members provide volume e-mail services to over \n250,000 customers. These customers represent the full breadth of the \nU.S. marketplace--from the largest multi-national corporations to \nsmallest local businesses; from local schools to national non-profit \ngroups and political campaigns; from major publications with millions \nof subscribers to small affinity-based newsletters. Even my local \nsoccer association uses an e-mail service provider to deliver schedules \nand standings to the players in the league.\n    Jupiter Research estimates that the e-mail marketing industry \n(which, again, is only a portion of the total spectrum of ESP \ncustomers) will grow in size to 2.1 billion dollars in 2003 (up from \n1.4 billion dollars in 2002). 
By 2007, Jupiter estimates that the size \nof the e-mail marketing industry will reach 8.2 billion dollars. All of \nthese numbers are for the U.S. market alone. Expanding the scope of \nthis research to include all customers served by ESPs and foreign \nmarkets would increase these numbers significantly.\n    But the size and importance of e-mail in the marketplace should not \nbe measured by dollars alone. E-mail is indeed the ``killer app\'\'. Over \nthe past ten years, e-mail has been a strong driver of productivity and \nefficiency in the marketplace. It has also been an important social \ntool. E-mail has shortened distances in the world--allowing \ncommunication to occur with unprecedented speed and detail. E-mail has \ncreated affinity within groups that previously were too widely \nseparated geographically to effectively recognize their common \ninterests and positions.\n    As an example of the importance of e-mail, a recent study by the \nMETA Group showed that, given a choice between e-mail or telephones, 74 \npercent of business people would give up their phones before e-mail. In \nother words, 74 percent of people now find e-mail to be more critical \nthan the telephone in their daily work.\nThe Threat of Spam and the Solution(s) to Spam\n    The ESP Coalition sees spam as a threat to the long-term viability \nof the e-mail service provider industry. Indeed, spam presents a dire \nthreat to all uses of e-mail--marketing, transactional, affinity and \nrelational--as the continued growth of spam will lead to the widespread \nabandonment of e-mail as a communications tool. Put simply, the spam \nproblem will critically damage the ESP industry if it is not curtailed. 
\nConsumers and businesses will not use e-mail if the system becomes so \nchoked with misleading and deceptive messages that those messages that \nare actually wanted are lost in the fray.\n    I will not belabor the statistics on the growth of spam or the \ncosts associated with handling spam. Surely all of the panelists can \nagree that we are presented with an enormous problem. Without an \nexpedient solution, spam may end up killing the ``killer app\'\' of e-\nmail.\n    The media and marketplace have been replete with spam solutions for \nmany years. Important vendors, such as Brightmail, have done a \ntremendous job at stemming the tide of spam. But the problem still \nexists and continues to grow. Increasingly, we are presented with the \nquestion: can anything be done?\n    The NAI believes that much can be done to solve the problem of \nspam. At the most fundamental level, we believe that we need to create \naccountability within the e-mail delivery system. Spammers spend their \ndays concocting new methods to obscure and falsify their identity in \norder to sneak past existing filters and avoid accountability. In many \nways, our existing tools are merely reacting to the spam received \ntoday--and not preparing for or combating the spam that will arrive \ntomorrow. Stated differently, our efforts to cure spam are responding \nto the symptoms (the actual spam received) and not the cause (the lack \nof accountability on the part of spammers).\n    So how do we create accountability within the e-mail system?\n    We believe that the solution to spam exists in three components: \nlegislative, technological, and social. Let me address the \ntechnological and social components quickly and then focus on the part \nof the solution for which we look to you: Federal legislation.\nThe Technological Component\n    Part of the problem in treating the spam epidemic is that spammers \nenjoy the impunity of anonymity. 
Spammers hide behind open relays, they \nspoof identity, and they deceive recipients with misleading ``from\'\' \nand ``subject\'\' lines. Make no mistake; the business of spamming is one \nof fraud and deception.\n    The recent efforts of the FTC in relation to open relays and \ndeception in spam should be commended. It is critical that we have \nstrong deterrents to dissuade spammers from their trade. But the \nfundamental architecture of the Internet and e-mail protocols still \nallows for the deception to occur.\n    The NAI recently proposed an architectural ``blueprint\'\' to respond \nto this problem. I will submit a description of the effort along with \nthis testimony. Essentially, the NAI\'s blueprint, called ``Project \nLumos\'\', is designed to force senders of volume e-mail to incorporate \nauthenticated identification into every message sent. The use of \nauthenticated identity, along with a rating of sending practices over \ntime, prevents spammers from hiding behind the technology of e-mail and \nforces all senders to be accountable for their sending practices. We \nhave engaged with many of the major ISPs and other groups on this \neffort and are greatly encouraged by the traction our effort has gained \nsince our launch just one month ago.\n    Other technological solutions also hold promise. The NAI is \nactively working with other constituencies in the marketplace to bring \nabout such solutions. I hope that we will have much more to share with \nyou before the end of this year.\nThe Social Component\n    One part of the spam problem that has not been actively discussed \nis the need for consumer education around the appropriate use of e-mail \naddresses.\n    The Center for Democracy and Technology (www.cdt.org) recently \nreleased a study on the consumer actions that result in exposure of e-\nmail addresses and, subsequently, spam. 
The results were compelling: \nthe CDT report found that appropriate management of an e-mail address \nby the holder of that address can drastically reduce the amount of spam \nreceived. Further, the study found that there are a few actions that \ncan create enormous amounts of spam. Specifically, the CDT reported \nthat posting an e-mail address on a public website and posting an e-\nmail address in a public newsgroup or chatroom both resulted in huge \namounts of spam. This is due to the use of ``spiders\'\' or ``bots\'\'--\nprograms that scour the web for e-mail addresses and harvest them into \na spammer\'s database.\n    Clearly, one component in the total solution to spam is the \neducation of consumers on issues such as those raised by the CDT \nreport. If consumers understand those practices that result in spam, \nthey will be much better able to control the amount of spam in their \nin-boxes.\nThe Legislative Component\n    The ESP Coalition strongly supports Federal legislation to respond \nto the growing menace of spam. We believe that strong preemptive \nFederal legislation will be a critical component (but not the only \ncomponent) in the successful resolution of the spam problem.\n    In the United States today, we have 28 states that have enacted \nsome form of spam legislation. Many more are considering spam \nlegislation in their current legislative sessions. Unfortunately, the \nstandards and definitions applied by these statutes (and proposed in \npending bills) are not consistent. As a result, we have a crazy quilt \nof differing standards that has created an unnecessarily complex \ncompliance system. To make matters worse, enforcement within the global \nmedium of e-mail is exceedingly difficult when limited by state \nboundaries. 
We need preemptive Federal legislation to harmonize these \nstandards and provide powerful tools to enforcement officials.\n    We believe that the current spam bill before the Senate, the CAN-\nSPAM Act, sponsored by Senators Burns and Wyden, strikes the \nappropriate balance with regard to preemption. The CAN-SPAM Act would \nallow for a national standard to be set for the delivery of unsolicited \ncommercial e-mail. Given the incentives provided within the bill, most \nlegitimate businesses will move to a fully consent-based model for e-\nmail delivery. This is particularly true where the standard set by the \nbill will be uniform across the entire country. To combat spammers, the \nbill provides strong enforcement tools to the FTC, state attorneys \ngeneral, and ISPs. We strongly support enforcement by all of these \ngroups.\n    As a coalition made up of legitimate businesses in the e-mail \nindustry, the NAI also strongly supports the inclusion of an \naffirmative defense for good faith compliance efforts within the CAN \nSPAM Act. Such tools help to ensure that litigation is properly \ntargeted towards true spammers, and offers important protections for \nbusinesses working diligently to maintain approved best practices.\n    One issue that has been raised in discussions regarding spam \nlegislation, and may be raised again, is that of a private cause of \naction. Such a solution, while tempting, would do nothing to stop spam \nand would definitely create a morass of litigation against legitimate \ncompanies. Spammers spend their days looking for ways to \ntechnologically obscure their identities. Pursuing spammers requires \nenormous technological, financial and investigative resources. \nIndividuals do not have such resources, but governments and ISPs do. 
In \nfact, if a private cause of action existed, ISPs would be drawn away \nfrom their enforcement efforts by a flood of discovery requests \ngenerated through consumer litigation.\n    We have a very real example of what a private cause of action means \nwhen included in a spam statute. In the state of Utah, a spam statute \nwas passed last year that allows for a private cause of action and \nclass action suits. A single plaintiffs\' firm in Utah has now filed \nhundreds (and by some accounts, over a thousand) class action lawsuits \nunder this statute. But the firm is not pursuing spammers. Given the \ncost and complexity of finding actual spammers, this firm has targeted \nleading companies and brands--using law firm employees as plaintiffs \nand seeking out ``gotcha\'\' moments as the basis of their complaints. \nPerhaps most telling is the fact that there are no data to suggest that \nthe amount of spam in Utah has been reduced by even one message.\n    Another issue that has been raised in relation to spam legislation \nis that of ``opt-in\'\' versus ``opt-out\'\'. Over the past few years, our \nindustry has lost critical time debating this issue, while spam has \nbeen allowed to proliferate.\n    Let me make one thing perfectly clear: the debate over ``opt-in\'\' \nor ``opt-out\'\', regardless of what standard is eventually adopted, will \nnot result in the reduction of spam. A spammer\'s stock and trade is in \ndeception. They do not care about whether they have permission from the \nrecipient of the message. They pay no heed to all of the existing state \nlaws regarding spam. The most restrictive ``opt-in\'\' spam statute will \ndo nothing to dissuade spammers from sending their messages.\n    A recent FTC study conveys this point succinctly. By reviewing a \nlarge body of spam received within the agency, the FTC estimated that \nfully two thirds of spam is fraudulent, misleading or deceptive. 
This \nmeans that the majority of spam is already violating an existing law in \nthe United States.\n    As currently written, the CAN-SPAM Act will provide important \nincentives for legitimate businesses to raise their e-mail standards. \nThe NAI firmly believes that e-mail must be sent with the consent of \nthe recipient, or within a pre-existing business relationship. \nFurthermore, we believe that e-mail should be sent with informed \nconsent--meaning that recipients have clear and conspicuous notice as \nto the results of providing their e-mail address. This is a meaningful \nand workable standard.\n    Again, the NAI is very supportive of the CAN-SPAM Act. We will \ncontinue to work with staff on a few technical issues details of the \nbill (such as the need for longer processing periods for unsubscribe \nrequests), but look forward to seeing a Federal law enacted this year.\nThe Threat of Filtering and Blacklists\n    Before I conclude today, I want to raise one growing problem in the \nfight against spam. While spam clearly represents a serious threat to \nthe continued viability of e-mail, the problems created by some of the \ncurrent tools used to combat spam are equally threatening. Internet \nService Providers (ISPs) are aggressively building filtering \ntechnologies to limit the amount of spam entering their systems. \nConceptually, this is a positive development. However, the spam filters \ncurrently in place are creating a new problem: wanted e-mail is not \nbeing received.\n    According to a report by Assurance Systems, in the 4th quarter of \n2002, an average of 15 percent of permission based e-mail was not \nreceived by subscribers to the major ISPs. 
Some ISPs had non-delivery \nrates that were startling:\n\n\n\n\n          NetZero                    27%\n          Yahoo                      22%\n          AOL                        18%\n          Compuserve                 14%\n          AT&T                       12%\n\n\n    The same report for the 3rd quarter of 2002 showed an average of 12 \npercent non-delivery rate for the major ISPs--meaning that the \nfiltering of permission based e-mail increased 25 percent from the \nthird to fourth quarters of 2002. Some of the e-mail campaigns within \nthe Assurance Systems report had non-delivery rates as high as 38 \npercent.\n    Non-delivery of wanted messages due to filtering (called ``false \npositives\'\' within the industry) represents an enormous threat to the \nongoing viability of e-mail as an effective communications tool. The \nmarket will stop using e-mail for important communications if e-mail \ndelivery is unreliable. It is critical that false positives be \neliminated if e-mail is to survive as an efficient and productive means \nfor communication.\n    One of the main drivers in the false positive problem is the \nemergence and use of blacklists. These are lists of alleged spammers \nthat ISPs--and any network administrator--can use to filter incoming e-\nmail. The blacklist operators build registries of IP addresses that \nthey believe are associated with spam and make the lists available \npublicly. Currently, there are an estimated 300 blacklists in \noperation.\n    Again, the concept of a blacklist may seem to make sense at first \nglance. Unfortunately, the reality of blacklists in today\'s marketplace \nis far different.\n    Many blacklists operate without standards and operate behind a veil \nof anonymity. For example, one of the leading blacklists, SPEWS \n(www.spews.org), offers no contact information: no phone numbers, no \nnames, no addresses, and no e-mail address for the organization. 
The \nwebsite has purportedly been registered in Irkutsk, Russia. SPEWS has \nno defined standards for posting to its blacklist--evidence has shown \nthat a single complaint can result in the blocking of an entire range, \nor ``neighborhood\'\', of IP addresses. Further, for those innocent \nsenders that become listed on SPEWS, the only way to resolve the \nproblem is to post their request for removal to a public spam forum \navailable through Google (http://groups.google\n.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&group=news.admin.net-\nabuse.email).\n    All of these efforts are designed to combat spam. But in their zeal \nto eliminate the problem, they have created a potentially disastrous \n``ricochet\'\' effect: false positives. Going forward, our solution to \nspam must carefully balance the need for strong action against spammers \nwith a determination to preserve the deliverability of legitimate e-\nmail.\nConclusion\n    The NAI believes that the problem of spam will be best resolved \nthrough three powerful forces: legislation (and enforcement); \ntechnology; and consumer education. Our group is actively working with \nISPs and solutions providers to craft architectural solutions to spam \nthat will drive accountability into the dark recesses of the Internet. \nWe strongly feel that technology must be used to force spammers to \nidentify themselves and be held accountable for their practices. We \nalso believe that consumers must understand the need for careful \nmanagement of their e-mail addresses. We could drastically reduce the \namount of spam received by average consumers through educational \nefforts on what not to do with an e-mail address.\n    But the technological and educational solutions are not enough. We \nneed a strong Federal statute to raise the standards for e-mail \npractices across the entire country. Legitimate businesses will respond \nto such a statute by raising their practices to meet or exceed the \nstandard set by law. 
Enforcement officials at both the state and \nFederal level and ISPs will have powerful tools to seek out and bring \nto justice those individuals responsible for spam. And we can do it \nwhile maintaining the balance necessary to preserve the legitimate use \nof e-mail.\n    Mr. Chairman, on behalf of the NAI E-mail Service Provider \nCoalition, I want to pledge that we will continue to work to fight spam \nand preserve e-mail with you and members of your staff. Spam is a \ncomplex problem and our efforts to craft solutions must be thoughtful, \nrobust and effective.\n    Thank you and I look forward to any questions you may have.\n\n    The Chairman. Thank you. Mr. Rotenberg.\n\n        STATEMENT OF MARC ROTENBERG, EXECUTIVE DIRECTOR,\n\n       ELECTRONIC PRIVACY INFORMATION CENTER AND ADJUNCT\n\n          PROFESSOR, GEORGETOWN UNIVERSITY LAW CENTER\n\n    Mr. Rotenberg. Thank you, Mr. Chairman and Members of the \nCommittee. My name is Marc Rotenberg. I am Executive Director \nof the Electronic Privacy Information Center. We are a \nnonprofit, nonpartisan research organization here in \nWashington. We work in close association with the consumer and \ncivil liberties organizations both in the United States and \naround the world.\n    I think it is fair to say that there are few issues of \ngreater concern to Internet users today than the growing \nproblem of spam, but I think it is also fair to say that it is \none of the most complex policy issues facing the Internet. 
Even \nthough there is broad agreement about the tremendous cost and \ninconvenience that spam is placing on the use of the Internet, \nthere are still important questions about the appropriate role \nof law and technology, the relationship between the Federal \nGovernment and the states, and even the question of how best \nto ensure consumer protection with a problem that clearly has \ninternational dimensions, but all of these factors do not \ndiminish the scope of the problem.\n    As Chairman Muris stated at the public workshop last month, \napproximately 40 percent of e-mail messages today could be \nconsidered spam, and it is to be anticipated that in the next \nyear the majority of e-mail traffic on the Internet will be \nspam.\n    As Mr. Salem commented as well, it is also the case that \nspam will be migrating to new communication environments, \nincluding both Internet messaging and cell phone advertising, \nso the need to draw an effective line here with respect to the \nInternet has consequences as well for development of new \nindustry and new consumer services.\n    There are many factors that contribute to the problem of \nspam. As you all know, it is relatively easy and inexpensive to \nsend a message to many, many people online. It is also \nobviously difficult to determine the origin of the messages, \nparticularly for the most aggressive spammers. There are \ndifficult jurisdictional problems, particularly with respect to \ninternational spam, and there are even some definitional \nproblems associated with spam, as well as the fact that \ntechnical solutions which are being pursued aggressively by the \nISPs are nonetheless imperfect.\n    As one of the witnesses commented earlier, spam filters \nhave the effect of both underblocking, which is to say, \nallowing messages to go through that the user does not desire, \nas well as overblocking, which means to exclude messages that \nthe end user would like to receive. 
In almost any filter \nsystem, the end user has to download the e-mail and incur the \ncost and connection time to receive the messages before the \nfilters are activated.\n    I wanted to focus briefly on what I think are the key \npolicy issues in trying to find a solution to the spam problem, \nand I am going to draw both on the experience of list \ndevelopment on the Internet as well as previous efforts with \nlegislation to protect privacy when similar problems have \narisen, and I would like to point out first of all that I think \nif any case is clearly made for an opt-in provision, it is for \nonline marketing. In fact, the traditions on the Internet \nindicate this, because as people who have been on the Internet \nfor a while and understand the operations of lists, the best \nlists operate on an opt-in basis.\n    People are provided the opportunity to sign up for the \nlist. If their e-mail address changes, there are easy ways for \nthem to change the e-mail address, and if they wish to be \nremoved from the list, they can do so by quickly going to a web \npage or sending an unsubscribe message. These are the practices \nthat are being followed by the best marketing firms online, as \nwell as the companies that understand that permission-based \nmarketing, marketing based on opt in, works particularly well \nin the online environment. 
Now, there is a good argument about \nwhether or not it would work in the offline environment, but \nfor the online environment, I think opt in is the right way to \ngo.\n    I would also like to suggest that on the question of \nenforcement means, the private right of action that is found in \nthe Telephone Consumer Protection Act that gives individual \nconsumers the opportunity to go to small claims court and seek \na maximum, a maximum of $500, has proven to be an effective way \nof dealing with the problem of junk faxes and telemarketing, \nand I think a private right of action that provides limited \ndamages is also a matter of fairness, because, of course, it is \nthe end user who is being inconvenienced and burdened by the \nunsolicited marketing.\n    Finally, on this critical issue of preemption, I am very \nsympathetic to the concerns of the industry groups about trying \nto comply with 50 different state statutes, but the reality is \nthat it is the state Attorneys General who have been on the \nfront lines of dealing with the spam problem, and it has been \nthe state legislatures that have developed many of the most \neffective and innovative responses in response to the growing \nproblem of spam, and I would like to caution you about the \ndanger of basically telling the state legislatures and the \nstate Attorneys General that the problem to spam will be found \nin Washington, and that the limited opportunities to go after \nspammers if a Federal preemption law was passed will \nessentially be eliminated.\n    That having been said, I would like to thank you, Mr. \nChairman and Members of the Committee, and particular Senator \nBurns and Senator Wyden, who I know have been doing a great \ndeal of work on this issue for a number of years, for your \nefforts. Many people online will be very grateful to you if an \neffective, sensible solution can be found to the problem of \nspam.\n    [The prepared statement of Mr. 
Rotenberg follows:]\n\n Prepared Statement of Marc Rotenberg, Executive Director, Electronic \n     Privacy Information Center and Adjunct Professor, Georgetown \n                         University Law Center\nSummary of Recommendations\n  * Continue to support strong enforcement action by the FTC\n\n  * Promote international cooperation, particularly with \n        consumer protection agencies\n\n  * Recognize that many of the current spammers are likely \n        subject to prosecution under current unfair and deceptive trade \n        practices laws\n\n  * Enact a Federal baseline that establishes an opt-in \n        standard, gives consumers legal rights to go after spammers, \n        and does not preempt state law\n\n  * Anticipate that similar problems may arise with cellular \n        phone advertising in the near future\nStatement\n    Mr. Chairman, members of the Committee. Thank you for the \nopportunity to testify today about the problem of Unsolicited \nCommercial E-mail, or ``spam.\'\' My name is Marc Rotenberg. I am the \nExecutive Director of the Electronic Privacy Information Center. EPIC \nis a non-profit, non-partisan research organization. We work in close \nassociation with a wide range of consumer and civil liberties \norganizations, both in the United States and around the world.\n    There are few issues of greater concern today to users of the \nInternet than spam. Spam is also one of the most complex policy issues \nfor the Internet. Even though there is broad agreement about the \nurgency of the problem, there are still questions about the appropriate \nrole of law and technology, the relationship between the Federal \nGovernment and states, and even the question of how best to tackle a \nconsumer problem that clearly has a significant international \ndimension.\nScope of the Spam Problem\n    As Chairman Muris noted at the recent FTC public workshop, the spam \nproblem is increasing rapidly. 
In 2001 the FTC began to routinely \ncollect spam. During that year, the FTC received an average of 10,000 \nmessages per day. In 2002, that figure went up to 47,000 a day. The \nnumber has gone to 130,000 e-mails a day this year. As a measure of how \nfast a new e-mail address can attract spam, Chairman Muris reported \nthat the FTC had seeded an e-mail address in a chat room. That e-mail \naddress began receiving spam in eight minutes.\n    It has been estimated that 40 percent of e-mail in the United \nStates is spam, creating an annual cost of over $10 billion. These \ncosts are incurred through lost productivity and the additional \nequipment, software and labor needed to deal with the problem.\n    On spam, the interests of Internet users and the Internet industry \nare generally aligned. Only the Direct Marketing Association has \nexpressed opposition to sensible opt-in legislation. However, as the \nrecent FTC Workshop made clear, this position is simply not viable in \nthe online world. Permission-based marketing, which relies on the \naffirmative consent of consumers, has always been a good business \npractice. Now it may be critical to stem the flood of undesired e-mail.\nFactors Contributing to Spam\n    Several factors contribute to the spam problem. First, it is \ninexpensive and relatively simple to send spam to a very large number \nof Internet users. Unlike traditional junk mail, the marginal cost for \neach additional electronic message is essentially zero. Therefore, \nspammers are as likely to send to a million users as they are to a \nthousand.\n    Second, the origin of spam is often difficult to determine. \nSpammers will frequently send messages from domains they do not own and \nin ways that conceal the source of the message. The spammers also show \nlittle regard for any effective list management. 
There is no meaningful \neffort to obtain consent or allow users to opt-out of undesired \nmarketing.\n    Third, spam raises difficult jurisdictional problems. Spammers may \nsend messages from one state to another and even from one country to \nanother. While there is general agreement across jurisdictions about \nthe need to reduce spam, there are questions about how best to \ncoordinate enforcement measures.\n    Fourth, there are definitional problems associated with spam. \nCommercial marketers who engage in bulk e-mail advertising may be \nreluctant to concede that their messages are spam even though the vast \nmajority of recipients find the messages burdensome and undesirable. \nSome Internet users may consider bulk political mail as ``spam,\'\' \nthough for both practical reasons and the First Amendment, it is \nappropriate to distinguish between commercial and non-commercial bulk \nmail.\n    Fifth, technical solutions are imperfect. While ISPs have had some \nsuccess identifying the source of spam, spammers rotate domains and \neven change the key terms in a message to avoid detection. Similarly, \ntypical users find it difficult to adapt filters and other techniques \nto accurately remove spam. There is always the risk that a filter will \ndelete messages that the user needs to receive. Other techniques, such \nas challenge and response, may be too cumbersome for most users.\n    Sixth, the long-time reluctance of the private sector to \nacknowledge the need for a legislative solution to the spam problem \ncoupled with the Direct Marketing Association\'s active opposition to \nInternet privacy has certainly contributed to the problem. 
While the \nindustry\'s desire to avoid regulation is understandable, here the \nfailure to establish strong measures to limit spam is contributing to \na tragedy of the commons that threatens to undermine the commercial \npotential of the Internet.\nDifficulty Consumers Face with Spam\n    While ISPs clearly face a significant cost that can be measured in \nbandwidth, staff hours, hardware, and even litigation fees, consumers \nface the ongoing annoyance that spam simply makes the Internet less \nfriendly and e-mail less useful. For the consumer facing a mailbox full \nof spam, even good software programs do not solve the problem of the \ntime and cost of downloading e-mail before it can be analyzed and \nassessed. These burdens fall particularly on consumers in rural \nregions, consumers who are traveling outside the country, and others \nwho are likely to pay high fees while connected to the Internet.\n    The most widely used spam filters, while they can be effective, \ninvariably under block and over block incoming mail. As a result, users \ncontinue to receive undesired e-mail and are losing important e-mails \nthat may include business proposals or simply notes from friends. Some \nspam filters group incoming messages as likely being spam, but the \nconsumer must still sort through the messages.\n    In addition, many of the techniques proposed by some are simply \nimpractical or nonsensical. For example, a challenge response method to \ndetermine whether e-mail is coming from an actual person would probably \ndiscourage even desired communication. 
Similarly, routinely changing \nmail addresses is an impractical solution as is trying to prevent one\'s \nmail address from being posted on a website where it can be harvested \nby one of the programs is not a workable approach as anyone who has a \npublicly accessible staff directory knows.\n    A better approach for the consumer is one that empowers individuals \nto go after the spammers who misuse their personal e-mail address for \nunsolicited commercial e-mail and impose costs and burdens.\nTechnical Measures\n    It is clear that industry groups and technical groups are eager to \nfind a solution to the spam problem. Many innovative approaches are \ncurrently being pursued even as some of the routine flaws that are \nexploited by spammers are fixed.\n    Congress should continue to encourage technical solutions, but the \npossibility of technical solutions should not be a reason to avoid \nlegislation. ISPs clearly favor better legal tools as well as better \ntechnologies to go after spammers when they can be identified. \nMoreover, without legal sanctions there is no practical basis to put an \nend to egregious spamming.\n    There is one caution on the technology front that should be brought \nto the attention of the Committee. Several technological solutions, not \nsurprisingly, focus on determining the actual identity of spammers, and \nwould make identification through digital certificates and other means \na requirement for sending e-mail to multiple recipients. While this \napproach may be appropriate for commercial speech, it would not be \nappropriate for political or religious speech. The Supreme Court has \nmade clear in a series of cases that the right to speak anonymously is \na central element of the First Amendment. Any attempt by the government \nto require identification for bulk e-mail that would include political \nspeech would raise significant Constitutional concerns.\nLegislative Proposals\n    S. 
877, the CAN-SPAM Act, sponsored by Senator Burns and Senator \nWyden, contains many important elements for a good anti-spam measure. \nAll unsolicited marketing e-mail would be required to have a valid \nreturn e-mail address so recipients could ask to be removed from mass \ne-mail lists. Once notified, marketers would be prohibited from sending \nany further messages to a consumer who has asked them to stop.\n    The bill would enable Internet Service Providers (ISPs) to bring \naction to keep unlawful spam from their networks. The legislation \ncontains enforcement provisions allowing the Federal Trade Commission \nto impose civil fines on those who violate the law. State Attorneys \nGeneral would be given the ability to sue on behalf of citizens who \nhave been targeted by unscrupulous marketers.\n    This is a good starting point, but we urge the Committee to go \nfurther, particularly to protect consumer interests. As the Burns-Wyden \nmeasure currently stands, it is simply not a sufficient solution. It \ngives the FTC a great deal of authority and the ISPs many opportunities \nto bring complaints. However, for the state attorneys who are already \non the front lines and for the users who are also saddled with the \ncosts and burden of spam there is not enough in the bill currently to \nreform egregious online practices or assure that spammers will be \npursued.\n    Three critical changes are necessary to strengthen the Burns-Wyden \nmeasure. First, the Committee should endorse a full opt-in regime for \nunsolicited commercial e-mail except in those cases where a prior \nbusiness relationship exists. Opt-in is the logical basis for Internet \nmailings. In fact, most Internet lists today are based on opt-in. These \nlists typically also provide users with the opportunity to update their \ncontact information and remove themselves from the list if they choose. 
\nThere are many opportunities for companies to obtain consent and to \nbuild online marketing techniques, in parallel with the traditional \nInternet lists, which would be welcome by consumers. Where there is a \ngenuine preexisting relationship, then it would be appropriate to \ncommunicate by e-mail. Simply visiting a website is not sufficient. \nThere should be some actual exchange for consideration before a \n``preexisting business relationship is established.\'\'\n    Second, the bill should incorporate a private right of action that \nallows individuals to bring action in small claims court, similar to \nthe approach established by the Telephone Consumer Protection Act \n(TCPA) for junk faxes and telemarketing. The opportunity to pursue a \nmodest judgment in small claims court has provided a useful incentive \nin the effort to stem junk faxes and would be helpful for spam. In \nfact, many of the state measures take an approach similar to the TCPA \nin recognition that those who are the target of spam should have the \nlegal right to seek redress against those who are responsible for the \nspam. Also, as the TCPA has shown, a national do not e-mail list may \nhelp with enforcement, though technical experts have expressed some \nconcerns about the possible misuse of a national Do Not Spam list.\n    Third, the bill should not preempt state law. While it is clear \nthat some revisions have been made to the CAN SPAM Act to take account \nof the important efforts of states to combat spam, the bill still \nunduly restricts state legislatures that have been on the front lines \nof the problem. 
Even with the FTC\'s important enforcement efforts, \nthere is a real risk that a ``one size fits all\'\' approach will not be \neffective and will undermine the basic structure of federalism in the \nUnited States that allows the states to pursue different approaches to \ncommon problems.\n    As Washington Attorney General Christine Gregoire stated on behalf \nof the Attorneys General for 44 states, a weak Federal statute that \npreempts stronger state laws will reduce the level of consumer \nprotection and facilitate the continued growth of spam. This would \nclearly not be a desirable outcome.\nHouse Proposals\n    Several proposals are also under consideration in the House. Those \nbills that establish opt-in, provide for a private right of action, \nand leave the states free to pursue innovative approaches will respond \nto the spam problem most effectively. There is also an interesting \nprovision in one of the House measures that would penalize automated \nharvesting techniques that are deployed for the purpose of sending \nunsolicited commercial e-mail. This provision may help with the spam \nproblem.\nAdditional Issues\n    Mr. Chairman, you asked us also to address related issues that may \nbe of interest to the Committee. I\'d like to note that the problems of \nUnsolicited Commercial E-mail are likely to arise in a new setting that \nwill impact millions of consumers in the United States and that is cell \nphone based advertising. Although we are still in the early stages, it \nis apparent from the experience of other countries that consumers are \nbeginning to express concern about advertising on their phones. If it \nis permission-based, there should be few problems. But if marketers \nbegin to send bulk text messages or video messages to cell phone users, \nthere will certainly be negative effects on the growth of cell phone \nbased services. 
Already, providers in the United States are proposing \nto send e-mail to cell phones.\n    There is also significant work on the spam problem underway in many \ncountries outside of the United States, and in particular in the \nEuropean Union. It is interesting to note that virtually all of these \napproaches rely on an opt-in and some private right of action. The \napproach taken in the European Union Communications Directive \nemphasizes permission-based marketing and the need to ensure that even \nafter opt-in is established, consumers retain the right to opt-out of \nonline marketing lists.\n    Similarly, an extensive report from the Australian government on \nthe spam problem released just last month urges the adoption of \nlegislation based on prior consent where there is no preexisting \nbusiness relationship; requires commercial electronic messages to \ncontain accurate details of the senders names and physical and \nelectronic addresses; and further recommends appropriate codes of \nconduct for marketers and effective means of enforcement.\n    Finally, a joint resolution issued in 2001 by the Trans Atlantic \nConsumer Dialogue, an alliance of more than sixty consumer \norganizations in the United States and Europe, recognized that the use \nof unsolicited commercial electronic communication is a growing burden \nfor people who use e-mail. The TACD said, ``governments need to work \ntogether to develop common approaches to address consumer concerns \nabout unsolicited commercial e-mail.\'\' The group acknowledged the \nimportant differences between commercial and non-commercial speech, and \nurged the adoption of a policy based on prior affirmative consent.\nConclusion\n    Mr. Chairman, spam is a complex problem. There is no simple \nlegislative solution. A multi-tiered approach that includes aggressive \nenforcement, better technology for identifying and filtering spam, and \ncooperation at the state and international level will all be necessary. 
\nIn addition, baseline Federal legislation that gives users the \nopportunity to go after spammers and ensures that marketing lists are \nbuilt on explicit consent and not on deception is a critical part of \nthe effort to stem the tide of undesired commercial e-mail. Given the \nrapid increase in the spam problem in just the last two years, I urge \nthe Committee not to delay action on legislation.\nReferences\n    Prepared Statement of the Federal Trade Commission before the \nSubcommittee on Commerce, State, the Judiciary and Related Agencies of \nthe Committee on Appropriations, United States House of \nRepresentatives, April 9, 2003 (Chairman Timothy J. Muris).\n\n    Coalition Against Unsolicited Commercial E-mail\n    http://www.cauce.org/\n\n    Commission Nationale Informatique et Libertes, website on spam.\n    http://www.cnil.fr/frame.htm?http://www.cnil.fr/thematic/internet/\nspam/spam sommaire.htm\n\n    CNIL\'s Report on Spam\n    http://www.cnil.fr/thematic/docs/internet/boite a spam.pdf\n\n    EPIC Spam Page\n    http://www.epic.org/privacy/junk_mail/spam/\n\n    FTC Spam Page\n    http://www.ftc.gov/spam/\n\n    Federal Trade Commission, ``False Claims in Spam\'\' (April 2003)\n    http://www.ftc.gov/spam/\n\n    CAN-SPAM Act, S. 877 (Senators Burns-Wyden)\n    http://www.spamlaws.com/federal/108s877.htm\n\n    Internet Society, ``All About the Internet: Spamming\'\'\n    http://www.isoc.org/internet/issues/spamming/\n\n    Junkbusters\n    http://www.junkbusters.com/\n\n    National Office of the Information Economy, ``Final Report of the \nNOIE Review of the Spam Problem and How It Can Be Countered\'\' (April \n2003)\n\n    David E. 
Sorkin, Spam Laws\n    http://www.spamlaws.org/\n\n    Directive 2002/58/EC of the European Parliament and of the Council \nConcerning the Processing of Personal Data and the Protection of \nPrivacy in the Electronic Communications Sector (``Directive on Privacy \nand Electronic Communications\'\') http://register.consilium.eu.int/pdf/\nen/02/st03/03636en2.pdf\n\n    TransAtlantic Consumer Dialogue (TACD), ``Resolution on Unsolicited \nCommercial E-mail\'\' (2001)\n    http://www.tacd.org/cgi-bin/db.cgi?page=view&config=admin/\ndocs.cfg&id=98\n\n    The Chairman. Thank you, Mr. Rotenberg. Mr. Scelson, \nwelcome.\n\n                 STATEMENT OF RONALD SCELSON, \n                    SCELSON ONLINE MARKETING\n\n    Mr. Scelson. First off I would like to thank Senator McCain \nfor inviting me here for this. I know I am probably the most \ndisliked person in this entire room. I send close to 100 \nmillion e-mails out every 12 hours.\n    The Chairman. You have shown a great deal of courage by \ncoming here today, and we appreciate it.\n    Mr. Scelson. There are a lot of things, listening to you \nspeak----\n    The Chairman. Pull the microphone closer.\n    Mr. Scelson. Listening to you all speak, I originally had a \nspeech just like these gentlemen, but being here today, I have \nto get a little bit more of a feel about the things people do \nnot like and what the Government\'s aspects of this are, and the \ne-mails I send out right now, the reason I have gone back to \nbeing a spammer--I originally started out, spam was not known \nas spam back then, but eventually started becoming one----\n    The Chairman. How long have you been in business?\n    Mr. Scelson. Fifteen years. The reason e-mail has grown is, \npeople still buy. My average complaint ratio is 1,000 people \ncomplain, close to 2,000 removes in a mailing, and a 1 to 2 \npercent response rate. 
If it is hated so bad then why do more \npeople buy than they complain about it?\n    Most of what the Government is not aware of, and certain \nISPs, including Hotmail\'s newest filters that are here with us, \nleave out in detail to you all is, right now, the state laws, \nfor instance, that say you have to provide a valid remove and \nADV and a subject, their key filter, which was just updated on \nThursday, I had broken as of Friday and released free to the \nother bulk mailers, has in there that remove word, unsubscribe, \nopt in.\n    Well, now, you tell me follow the law, do not send spam, be \na good guy. I would be a good guy and mail in the Hotmail and \nAOL, no offense, and their filters will filter this out. Now, \nif I do not use this, I am then accused of being a spammer. I \nagree with all of the people here, there is no reason to use \nproxies, there is no reason to use relays, and a remove is a \ngood option to add in there for people to use.\n    As far as the way we gather our addresses, most addresses \nfor bulk snail mail are purchased from banks and a lot of \ncompanies. Your proposal to make extracting and gathering e-\nmail addresses and buying them is a good idea if this is also \ngoing to be added to the snail mail industry. What is fair for \none is fair for the other.\n    Personally, I do not get addresses this way, so it does not \naffect me. Most of the gentlemen that are here all offer a \nmember\'s directory and I am a paid member of all of these \nclients. This member\'s directory is identical to a Yellow Pages \nproviding e-mail name, phone number, and address. To automate \nsoftware, which I have done for clients to extract phone \nnumbers and phone books, is the exact same technology that \nextracts their members directory, which I am a paid member of, \nand this is granted free from AOL to give me access to all \nthese users.\n    AOL does have the highest filter system in the world, no \nmatter what anybody thinks. 
I do this every day. I give them \nfull credit for this. The biggest thing I find, most people \nalso seem to forget when it comes to this, is the carriers \nright now are deciding and filtering whose mail gets what. \nWhether you are going to read and see our mail or not, this is \ncensorship. I was brought up and fought for this, and still \nfight for this, because I believe in freedom. As an individual, \nwhat makes us free is the freedom of choice, and that is who \nshould decide whether or not they are going to receive this \nmail or not. The Senator here does not like receiving e-mail. \nIt should be his choice to decide whether he is going to \nreceive it or not.\n    I have heard the facts that it has risen the price of AOL \nand other companies\' business to their customers, to increase \npricing, and the burden of mail basically getting into their \nsystem. Some of these price increases are brought on by their \nown filters. At one time, you could send 100 messages, 100 \npeople one message at a time, using less resources and less \nbandwidth. Their new filters now make it mandatory that we send \none person one message at a time, thus chewing up their \nbandwidth and increasing their cost.\n    On our end, I have one location alone that is $2,200 a week \nin bandwidth, so I keep hearing, the more we send, the less \ncost we have. The same bandwidth which you chew up on your end \nwe are chewing up on our end. I am more than willing to work \nwith any legislation to solve this problem. I agree spam is not \nthe way to go. 
When I set up my company to not send spam and \nsend 100 percent legal mail, we went above and beyond that to \ninclude a toll-free phone number, a physical address, a \nwebsite, full information on the bottom of our messages, so \nthat we were 100 percent we are above and beyond all common \nlaws.\n    The areas such as Qwest, which I have lawsuits against some \nof these carriers, AT&T, BellSouth, AOL I have had dial up \naccounts through that they have also terminated. If you mail \n100 percent legal and they get a single complaint, they will \nturn around and kill your circuit, so A, we go out of business, \nor B, we then resort to forging the headers.\n    The biggest complaint here is, you cannot find us. Well, if \nyou could, you are going to shut us down, so why should we let \nyou find us?\n    The laws definitely need to be made. I keep hearing there \nis no one simple solution. If you look at my written testimony, \nwhich it will take Government backing, and I am sure AOL\'s \npeople would like to look at this as well, it states in there a \nvery simple way that costs no money on AOL\'s end, no money on \nour end, makes the tax dollars go back to the Government, \nbecause if I stay here in the U.S. I owe you tax money for all \nthe money I am making, the customers, et cetera. You pass the \nlaws, we go outside the U.S., operations get moved outside the \nU.S., and from what attorneys have told me, if the corporation, \nthe incoming money and everything is outside the U.S., there is \nno tax dollars owed in the U.S.\n    And basically, if you look at this system, it is very \nsimple, to the point it does not cost money, and if the \nsystem\'s broken, that is where legislation again would have to \nenforce it. It solves the whole problem.\n    As of right now the last carrier I was on was Covista. I \nwas on them for 2 weeks, sending approximately 180 million e-\nmails a day. That is one e-mail per user in my database a day. \nI never send more than that. 
They shut me down for a total of \n1,200 complaints. Well, when you look at the volume of mail I \nam pumping out, to get 1,200 complaints mathematically is \nnothing.\n    I do honor my removes. Even to this day, I send spam \nbecause I have to cloak my circuits to protect them from being \nshut down, but I still run, still have an honor, have a valid \nremove. It is not known as opt out, it is not known as a remove \nbecause the filters would interfere, but words such as take me \noff your list is very understandable to a person receiving it, \nand very much honored.\n    One of the other big problems in e-mail is, the anti-spam \norganizations preach, do not use the removes, we are confirming \nyour address is good, we will not remove you. I cannot say \nthere are not dumb people in the world. They are in every form \nof business and any walk of life, every nationality, it does \nnot matter, but most companies I know of have the advanced \ntechnology that when I send an e-mail to Hotmail server, I know \nright out of the gate whether that address is good or bad, and \nif it is bad, instead of, because we have to force affirm \naddresses due to your filters, if that address is bad, my \nmailer will not send it to it, just to keep from clogging up \nanybody else\'s server, so since I know whether the address is \ngood or bad or not, whether you ask to be removed, all that \ntells me is yes, you want the mail or no, you do not. I already \nknow you are good. AOL, on the other hand\'s, system accepts \neverything, but AOL is nice enough to provide the undeliverable \nto everybody, so I still know if you are good or not.\n    Agreed, there needs to be a solution, but just do not take \nthe freedom away from the individual. This should be their \nright and not the carrier\'s to say, we are going to shut you \ndown and we are going to block you.\n    Most anti-spam groups that are fighting against spam are \nnot Government-backed, Government-owned or anything. 
The reason \nCovista shut me down is that Spam House went to Qwest, which is \nCovista\'s carrier, and threatened to blacklist their entire \nnetwork because every anti-filtering trick they hit me with did \nnot work, and I still stayed 100 percent legal, and because of \ntheir threat Qwest passed it on down the line. I had to sue \nCovista for this.\n    Now, between everybody here, it is not their fault. I do \nnot feel I should have to sue them, but that is the way the \nGovernment works. The anti-spam groups that have no legal right \nare interfering and forcing these people to shut us down. The \nPink Contracts, which is what got me really well-known, \neveryone thinks they are contracts to send spam. I can show \nthese contracts to you. There is not a single word in that \ncontract to send spam. The details of that contract define \nevery state, what its law is, and that if I send mail staying \nwithin every one of these laws, they will not shut me down, \nwhich I should not have a contract to have to do this.\n    My price for the bandwidth is three times higher when used \nfor this particular means of doing it, and they still will step \nin eventually, once they get threatened enough, and shut you \ndown, and most people are not aware of all of this. Most bulk \nmailers are scared to admit it because of the recourses that \nwill happen. I have been fighting for so long that if I do not \nsay anything and no one else does, then either everyone is \ngoing to really turn to the underground and become a really bad \nthing, or we can find a solution and work together.\n    AOL has AOL\'s special offers. I am assuming you are \nfamiliar with this. It is their own personal spam company. They \nspam their own users with it, and I have received at my Hotmail \naccount from AOL special offers advertisements to sign up for \nAOL, so the same people that are here complaining about mail \nsend mail. Why? 
Because it is profitable to the client and to \nthem.\n    I am told there are a lot of cost factors in reading this \ne-mail, and the time it takes up on your end, Senator, when you \nread this e-mail, for you to go through it and push delete, \nwhich if we could use ADD you would know which ones are junk to \nmake it a lot easier.\n    When you read this mail and push delete, yes, it took some \nof your time, but if you are at home where you do not have the \nextra assistance of the people around you, you have to walk \noutside, go get the junk mail out of the box, read this junk \nmail--do you ever think of how many chemicals, pollution, trees \nand all are involved in this, and then you have to throw it \naway, so if you add the time it takes you to deal with snail \nmail versus e-mail, both of them cost you time and money. E-\nmail is less on that comparison.\n    And that is basically all I have to say, and thank you \nagain for having me here today.\n    [The prepared statement of Mr. Scelson follows:]\n\n                                 Scelson\'s Online Marketing\n                                                        Slidell, LA\nTo Whom It May Concern,\n\n    My name is Ronald Scelson and I am the owner/operator of a \ncommercial e-mail company that sends bulk e-mail as a form of \nadvertising for companies over the Internet. I feel my company is doing \nno different than any other advertising company who uses the postal \nservice to send out unsolicited bulk-mail to your home. The only \ndifference is we send this information via the Internet instead of the \nUnited States Postal Service.\n    It all began with sending e-mail into newsgroups. It went from \nthere to the sending of e-mail, as we know it today. At that time mail \nwas just sent, we didn\'t care how. It was just pumped out and there \nwere no removes. 
``Removes\'\' is an industry term meaning--a hyperlink \nthat will be sent back to the sender asking to have his/her e-mail \naddress removed from your mailing list. When e-mail advertising started \ngetting known by people as ``Spam,\'\' my company was one of the first \ncompanies to get removes and valid ``From\'\' addresses. Now, in response \nto the commercializing of e-mails, some groups were formed as \n``Blacklisting\'\' companies. For example, SpamCop started interfering \nand getting us blacklisted. Note: These companies are not government-\nbacked nor funded, they are typical ``everyday people\'\' playing the \nrole of a bully. Intimidating Internet carriers to cut off service to \nmy company and other companies paying top dollar for Internet Service. \nMy belief is that this business is doing a legitimate form of \nadvertising and when done correctly, makes the client, government, and \nthe commercial mailers money.\n    In response to the bully tactics used by the Anti-Spam hate groups, \nmy company decided to go Opt-In. In order to do this, Commercial \nMailers had to sign a contract with the carriers now known as ``Pink \nContracts.\'\' They are said to be Spam contracts to allow the sending of \nSpam under today\'s terminology. What these contracts were really for \nwas to force us to pay twice as much money as a normal business would \nfor Internet Service. Allow commercial e-mail to be sent not ``Spam\'\' \nto people without shutting us down. Now what this really means is that \nall states have laws pertaining to e-mail and if you break this law the \ne-mail that is sent will be considered to be ``Spam.\'\' This contract \nallowed us to send e-mail as long as we abide by every state law. \nMeeting all of the requirements indicated by individual state law will \nnot be considered Spam. 
This would also not be in violation of any \nISP\'s (Internet Service Provider) policy.\n    Now, when we sent the mail this way Anti-Spam (groups of people \nagainst Commercial e-mail that post your private info on their site. \nThey also violate and interfere with current laws) groups would go to \nthe carrier and tell the carrier ``Hey! We\'ve blacklisted them every \nway we can they are getting around it somehow so either you shut them \ndown or we will shut you down!\'\' Well, then the carrier shuts us down \nand breaks the contract. We have tried this with several companies. The \nlast time we tried this doing it 100 percent legal the outcome was my \ncircuit was shut down, we were put out of business and a major \nlawsuit--which to this day has still not been resolved. So, I was \nforced to go back to being a ``Spammer,\'\' where I could keep my \nInternet connection live and support my family. I believe that there \nshould be guidelines and Spam should be illegal. But the only way this \nwould work is when the carriers realize that we live in the United \nStates and not a communist country! They provide services that aren\'t \ndifferent than any electric company. They get paid not to read, censor, \nand destroy people\'s e-mail, but to provide a service!\n    Now the individual has lost his/her right to get any e-mail he/she \nwants. The Carriers have determined that they would screen all incoming \nmail and only allow e-mail that the carrier wants the end user to \nreceive. But not limiting themselves to their own advertising, that \nstill to this day does not get screened. If I were to go into your Post \nOffice Box, without your written permission, open your mail, decide \nwhat I think you should have or should not have, I would go to jail for \nthis. This is exactly what the carriers are doing. The government says \nthey want you to identify yourself and put ``ADV\'\' (advertising) in the \nsubject and not forge your headers. 
If I mail 100 percent legal you \ncome across two problems:\n\n  1.  The carrier, not the individual, filters ADV, then none of my \n        mail will get in and I will go out of business,\n\n  2.  If I identify myself and not forge anything, the ISP will \n        terminate my circuit for mailing legal and put me out of \n        business.\n\n    This is called legal mail, but I won\'t last a week and my line will \nbe turned off for no legal reasons, except for the bullying power the \nanti-spam groups have. I agree with having laws governing bulk e-mails. \nBut carriers should be held accountable when they submit to these anti-\nspam groups. Terminating service to companies, such as my own, without \nany legal reason to do so is not the democracy that we all should be \nliving. I think it should be done the right way as long as the carriers \nknow they will be shut down for blocking a company or shutting down a \ncompany doing it legally. Filters are designed for ISPs to eliminate \n``Spam\'\'. Most of these people that design these are ``scam-artists.\'\' \nThink about it, if the server accepts mail in any way. Then there is a \nway to send bulk mail. If laws are passed to eliminate bulk e-mail, \nthen the ISPs will shut down the commercial mailers. Then all the \nmailers are going to do is start corporations offshore and send their \nmail from offshore, now your laws and filters do nothing. Then, there \nis no taxable money being exchanged and money will be sent out of the \ncountry. This is not a solution, this is a joke!\n    I designed a system 5 years ago because I believe in the freedom of \nthe United States and the company that I stand behind. We should have \nthe right to do our business in a legal way without any interference \nfrom someone whom has no say so in the matter. The system that can stop \nSpam gives the freedom back to the people. It is very simple and very \ncheap, especially when you look at AOL, 
who spent 11 million dollars \nlast year to stop Spam and it did not work. Most people are not aware \nwhen you hit the send e-mail button what all happens behind the scenes. \nMail servers talk together just like people, if you send an e-mail to \nfjdhfjhdhsj@hotmail.com it will give an answer, error 550 user not available this \nmeans the address is no good. If you send it to \n[email protected] and my mailbox is full it will give an error \n520 users mailbox full. Now my system is really simple and would be \nused by the individual not the carrier to stop Spam. They all have \nbuttons in web-based e-mails example (Send mail) all you have to do is \nput an option ``No Bulk E-mail\'\' and put a check in the box. What this \nwill cause to happen is when I send an e-mail to you, I will see an \nerror (example: 420) at that point, I know this user does not want e-\nmail.\n    This could only work if legislature enacts a law that would require \nCommercial mailers to look for this error when mailing. They would also \nbe held criminally liable if they ignore and continue to send mail to \nthese accounts. If you mail without forged headers, a valid from \naddress, contact information and ``Adv\'\' in the subject they cannot \nshut you down or block you. If they do, there should be a fine imposed \non the ISP. There would be no need for removes. Users are complaining \nthey didn\'t ask to receive the mail so why should they remove \nthemselves from 2000 plus different e-mail companies; they are right \nthis system eliminates that problem.\n    Reporters have interviewed me several times on this issue; and the \narticles have always focused on the money being made and never mention \nthe cost that ``we\'\' as Commercial Mailers have to put out. 
The \nbandwidth at just one location cost $2,100.00/wkly, which is \napproximately $110,000.00 annually just for one carrier. AOL says they \nspend millions stopping Spam. This is a cost factor they brought on \nthemselves and are passing on to the consumer. They are spending money \ndoing something they should not be doing in the first place. I find \nthis to be illegal, immoral, and unconstitutional. An example of this, \nis if I take a gun and shoot someone, the gun doesn\'t go to jail for \nmurder, I do. I, as a human, squeezed the trigger. Well, AOL puts a \nfilter in place that reads, censors, and destroys legal mail THIS is \nillegal. They get away with this because they say a human does not read \nthese messages, but a human did press the enter key to read and destroy \nmail. What is the difference? Some people state that snail mail is okay \nbecause you pay the post office to send it. We are more like private \ncarriers like UPS and FedEx. (UPS and FedEx are registered trademarks to \nthe individual companies. They are not in any way affiliated with my \ncompany.) A customer pays a private carrier to send mail. This company \nthen pays the costs for fuel, drivers, and the truck to deliver the \nmail. As a customer pays us to send mail, we in turn pay for the \nservers, networking, electricity, and technology to deliver the mail. \nThe ISPs say that ``Spam\'\' is chewing up so much bandwidth they are \nright at the end of capacity; this is their own fault. Part of ISPs \nAnti-spam filters do not allow high ``BCC\'\' (blind carbon copy) I could \nset my BCC setting to 500 for every 500 people who get this e-mail I \nwill use up a total of 33k in size (est. the ad is 33k). Since this \nfilter is in place, I have to mail at 1 BCC, which means that if I send \nan ad to 500 people then it would be like 500 times 33k. Now I have \nconsumed 1.6 megabytes of bandwidth for those 500 people. 
So, now you \nsee why their cost went up.\n    They say ``Spammers\'\' break laws, well here are some examples:\n\n        If we use ADV it, we are blocked.\n\n        If we use Remove or unsubscribe, we are blocked.\n\n        If we use the same ``From\'\' address that is valid, we are \n        blocked.\n\n        If we send too many e-mails from one IP, we are blocked.\n\n    So, we have two options:\n\n  (1)  Break the law and stay in business or do it legal and go out of \n        business. (Meanwhile these carriers continue to violate the \n        laws that are passed and for a touch of proof if you go to this \n        website there is a list of common filters look for yourself. \n        http://www.mirror.ac.uk/sites/spamassassin.taint.org/spam\n        assassin.org/tests.html)\n\n  (2)  If the government wants to pass laws it needs to be fair to \n        everyone involved. The Commercial Mailers and the Carriers. But \n        not allow these Anti-Spam groups to get away with threatening \n        people\'s lives just to feel that they have the power to control \n        a company\'s destiny. Every state should have the same law to \n        eliminate any possibility of violating these laws. This is \n        necessary, due to the fact, that it is unknown where the \n        recipient of an e-mail resides and whether or not you have \n        violated any laws.\n\n    I don\'t believe you should e-mail private servers. AOL, Hotmail, \nYahoo etc. provide consumers a service offering e-mail addresses. The \nconsumer should have the right to choose to receive and sort his or her \nown mail, not the carrier. Laws and Censoring (filtering) e-mail are \nnot going to work, it will only drive the price up for the smaller \ncompanies. As with the larger companies, like Norton\'s System Works, \nwhich sold more copies than ever before with e-mail. 
Due to the \nreduction of the marketing and merchandising costs, the product was \nmade available to the consumer at $39.95 in contrast to the $299.99 \nretail cost in stores.\n    I consider myself living the American dream. I went to school in \nNew Orleans where it was plagued by drugs and weapons. This is not what \nschool was meant to be. I managed to survive the experience and ended \nup in a low-income neighborhood, still filled with drugs and violence. \nEven with a GED, I could not give my children the life I believe they \ndeserve. So I started my own company and taught myself how to \naccomplish these things. In doing so, I found a way to create a \nbusiness, provide for my family and put my children through a better \nschool environment than I had. This to me IS the American Dream; \nfreedom to grow and become something you dream of being. For doing this \nI was criticized, shut down, put out of business and threatened. I hope \nby me coming forward, this will show the untold side of the story that \nthese anti-spam groups don\'t want you to hear.\n    Please allow yourself to be open-minded and compare this industry \nto bulk mail. The differences between the two are that when you receive \nmail at your home, You open it, read it if you want, then throw it in \nthe trash. You then have to carry that trash to the curb, where it is \nthen hauled away and used as landfill (like we don\'t have enough trash \nalready). Not to mention the trees that are cut down for the paper \nused! Then there is the Electronic Mail (E-Mail). If you don\'t want it, \njust check off DELETE. No mess, no cleanup, no pollution. I think my \nway is better!\n    If there are any questions or comments, or if I could be of any \nservice, please don\'t hesitate to contact me.\n            Respectfully submitted,\n                                            Ronald Scelson.\n\n    The Chairman. Did you say that it took you less than 24 \nhours to break one of Mr. 
Salem\'s filters?\n    Mr. Scelson. Yes, sir.\n    The Chairman. How do you feel about that, Mr. Salem?\n    Mr. Scelson. Excuse me, on his part, to defend him, \nsomething most people forget is, if a server accepts mail, \nobviously there is a way in. Unless the server does not accept \nmail there will always be a way in.\n    Mr. Salem. So I think that it is pretty clear that spammers \nhave an economic incentive to try to avoid filters. One comment \nthat I will make is that the way our solution works, we \nactually have set up a very elaborate system that basically \nonly receives unsolicited bulk e-mail, so any mail messages \nthat are being blocked are not based on words such as remove or \nunsubscribe, or anything else, so what that means is, if you \nhit our decoys, by definition, that decoy never requested the \nmail, so we are able to say, yes, it is definitively spam, and \nwhat our customers contract us to do is block that mail.\n    I will tell you that we will continue the fight, because \nthat is what our customers want us to do, and over the next \ncouple of years I am confident we will solve this problem.\n    The Chairman. Mr. Leonsis, are you a spammer?\n    Mr. Leonsis. Well, I would like to hire you.\n    [Laughter.]\n    Mr. Leonsis. We would probably have a better relationship \nif you were on our side of the fence. I took a couple of notes \nduring your comments, and very articulate, very heartfelt, and \nwe have not raised prices to our members because of spam. We \nare absorbing that cost. We are taking an advocacy position for \nour members.\n    With AOL, when you sign on, and since you are a paid member \nyou would know that there is a terms of service, and our \nprivacy policy, and we do not allow any member or any company \nor any partner that pays us to spam our members. 
We have \npreferences that allow you to opt out of AOL e-mails, AOL pop-\nups, and we promote that.\n    In fact, we have been actively promoting that off of our \nfront screen, and so you have been violating TOSS, and I am \nsure you have been opening multiple accounts.\n    In regards to how they are getting e-mail addresses from \nmember directories, that is a shame. AOL has always considered \nitself a community, and we have been able to get people to \nlocate other people. My mother, as an example, died of breast \ncancer, and when she was sick she would go to the member \ndirectory to try and locate other women who were recently \ndiagnosed with breast cancer. She certainly was not going to \nthe member directory so that she could get e-mails that were \nunwanted or unsolicited or pornographic, and that is why that \npart of the business across the industry has shrunken, because \npeople are gaining knowledge of what the tricks are and are now \nlooking at their identity as being something that they need to \nprotect.\n    So while I believe that marketing is important, I also \nbelieve that e-mail is not a medium, that e-mail is more a \nutility. It is something basic and fundamental. There are \nplaces on ISPs and places on services that you can buy \nadvertising and reach out to members, it does not trick people, \nand we need to kind of separate out kind of the myths from the \nfacts of how commerce is done.\n    The Chairman. Mr. Scelson talks about Pink Contracts. What \ndo you know about that, and do you believe it is prevalent \ntoday, and I will ask Mr. Hughes and Mr. Rotenberg the same \nquestion.\n    Mr. Leonsis. We are taking a different approach right now. \nWe do not look at black lists.\n    The Chairman. My question is, do you know about Pink \nContracts and do you believe it is prevalent today?\n    Mr. Leonsis. I am not aware of how prevalent or not it is. 
\nWhat we have really done is say that how we look at what spam \nis, it is not our opinion, it is our members\' opinion. We every \nday baseline where the complaints are coming, and the ones that \nrise to the top and get escalated, that is what spam is, and we \nhave really no opinions on it. We have a very, very large, \nactive community. We let them report in, and the numbers do not \nlie. When our members say, this is spam, that is when it gets \nblocked.\n    The Chairman. Mr. Hughes, do you know of the Pink Contracts \nthat Mr. Scelson refers to, and Mr. Salem knows about them. \nMaybe I should ask him next. Go ahead, about the Pink \nContracts.\n    Mr. Salem. There are definitely relationships between \nmarketers and ISPs, and oftentimes we are asked to make sure \ncertain mail is not blocked. That is absolutely the case. As \nfar as the details of those agreements, I am not aware of those \ndetails.\n    The Chairman. Mr. Hughes.\n    Mr. Hughes. Clearly, we have heard of Pink Contracts, and \nas we understand it, Pink Contracts are paid for delivery \ncontracts. I am not aware of any of my members engaging in \nthose practices, but let me say that we truly are in a Spy v. \nSpy situation. We have heard on the other end of our panel here \ntoday that AOL on the one hand is building more robust filters \nday by day by day, and spammers on the other side are working \nat ways to avoid those filters.\n    As a result, the legitimate players in the middle \ndelivering transactional messages, the consent-based marketing \nmessages, have to build relationships with ISPs in order to \nmake sure that wanted mail is actually delivered, and in some \nsituations this is actually critical mail to have delivered. \nFor example, it could be an airline ticket confirmation. 
It is \na transactional message that is delivered in volume.\n    So I can tell you quite definitively that a year ago, 18 \nmonths ago, none of my members really had resources that were \ndedicated to ISP relationships. In other words, delivery \nrelationships. Today, most of my members have at least one, and \nsometimes they have full staffs.\n    The Chairman. I was referring to the relationship of \nspammers and ISPs. I am talking about the illegitimate \ncontracts, not the one where you get an airline ticket.\n    Mr. Hughes. Sure. We have definitely heard of the practice. \nI have never heard of it within our organization. There \ndefinitely is a place, though--I want to make sure it is clear, \nthere is a place for a dialogue between senders and ISPs.\n    The Chairman. I understand there is room for dialogue \nbetween all the mail recipients and senders, but if there are \ncontracts that go, that actually not only condone but \ncontractualize the practice of spamming, then we have got an \nissue here.\n    Mr. Hughes. I would agree.\n    The Chairman. Mr. Rotenberg.\n    Mr. Rotenberg. Mr. Chairman, I am not familiar with the \npractice, but I do want to say briefly that I would challenge \nMr. Scelson\'s assertion that he gets 1 to 2 percent response \nrate on his mailings. I find that very hard to believe.\n    The Chairman. Well, we will let Mr. Scelson respond, then. \nGo ahead.\n    Mr. Scelson. I can pull lead stats from one of my servers \noff my laptop to show you what it did before filters were \nkicked in, after filters were penetrated. The 1 percent is the \nmost average. There are a few exceptions, and one good \nexception to this was Norton System Works was a reseller, was a \nclient of mine. AOL is very familiar with that one. I know they \ngot hit hard with it. I think they also have a lawsuit involved \nin that one, too, if I am not mistaken.\n    The Chairman. Mr. 
Scelson, one of the things that disturbs \na lot of us about this, and maybe you could comment on this, \ndoes it disturb you that so much of this is pornography, and \noccasionally child pornography?\n    Mr. Scelson. Yes, sir, totally. I personally do not send \nany adult material, have not sent adult material, and do not \nintend to, no matter how this boils out.\n    The Chairman. But it is up to--I understand about 20 \npercent of the spam.\n    Mr. Scelson. Yes, sir, it is, and most of the bad names \nthat all e-mail companies get is not Norton System Works being \nsold that is really making people upset, it is the adult \nindustry. Personally, you and I, even though I will not mail \nit, Playboy advertises that in the real world today nobody \nfrowns on it. Why? Because it is kept very low key. There is no \nnudity, there is no vulgarity, unless you are a paid member. \nThe porn you see in your e-mail today, all of us have seen, and \nit is just dreadful. My daughter is 9 years old, and she uses \nthe computer quite well, and she sees this, so I understand \nwhere you all are coming from this, and totally agree with you.\n    The Chairman. My time has expired.\n    Mr. Leonsis, you want to make a comment?\n    Mr. Leonsis. I think as an ISP, as I stated earlier, we \nhave a very strict covenant with our members on privacy and \nsecurity. It is called Terms of Service, and we never enter \ninto contracts to allow spam on our service. It is why the most \negregious spammers we are taking to court, and you have to read \nTOSS. It prohibits unsolicited bulk e-mail, and that applies \nwhether you are one of our partners or not. We have people that \npay us a lot of money, and sometimes it gets escalated to me on \nwhy cannot we spam, and we say, that is not what our rules \nallow, and so again, this is a utility function. You cannot \njust look at it as media, and an efficient way to deliver ad \nmessages.\n    The Chairman. 
Well, again, I was not challenging your \norganization, but if the so-called Pink Contracts are in \nexistence, then it is something we have to deal with.\n    Mr. Leonsis. There are none in our organization.\n    The Chairman. But there is ample testimony that they are in \nexistence.\n    Mr. Scelson. Senator McCain, again the contracts are not to \nsend spam. The contracts are to send e-mail that obeys all the \nlaws. There is no such thing as a spam contract. If you are \ngoing to violate a law, I have not seen a carrier yet sign a \ncontract for this.\n    The Chairman. Now we get into definitions. Senator Wyden, \ndo you want to go, or Senator Burns? Either way.\n    Senator Burns. I have a couple of questions, and I will \ntell you what I am going to do, I am going to set up a private \nlittle appointment with a couple of you, because we need to \nexplore some of this a little bit further.\n    We have heard you may get legislation that has unintended \nconsequences, and that worries me a little bit, and Mr. \nRotenberg, you are exactly right about some of these areas.\n    As you know, I am a free marketer. I like that, and I do \nnot want to get into a situation where we do have unintended \nconsequences. In other words, when you come up here and serve \nin the Senate you sort of file back here the little saying that \nsays, do no harm in everything that you do. I am wondering if \nthis legislation--now, this is the first time I have run into \nPink Contracts. 
Now, you would have thought I would have picked \nthat up along the way, but us country boys, we do not pick up \neverything.\n    This tells me that should you pass a law that you are \nactually falling into forcing people into the grips of maybe an \nenterprise that another middle man in business that somebody \ndoes not want to pay just to get your message to a legitimate \nmessage of what you have a return address that you really want \nto do business on the Internet, but you are putting another \nmiddle man in there, injecting one in there that is going to \ndrive the costs for both the consumer and the person that is \ndoing business. Is that a false way of looking at things? It \nwas not explained very well, but you understand where I am \ncoming from.\n    Mr. Salem. If I could make a quick comment, I think there \nhas to be a way to identify legitimate marketers, and that is \nsomething that is going to become very, very important so that \nwe can deliver messages from airlines or car companies, and so \nthere is going to have to be relationships between the direct \nmarketers and the carriers to make sure that that can happen, \nbecause what has happened to date is because some of those \nrelationships do not exist. They are all being treated the same \nin many cases.\n    Mr. Leonsis. Nine million reports a day on spam, and I \ncannot remember the last e-mail I received from an AOL member \nsaying, please send me spam, so I understand the concern about \nerring, or the pendulum swinging too far, but it is way over \nhere right now, and the laws that we are in discussion about \ntoday are very good steps, and as an industry we are going to \nwork with our State AGs, and we need your help to get that \npendulum back into a balance.\n    Senator Burns. If anybody wants to comment on this, because \nit is sort of an interesting idea.\n    Mr. Rotenberg. I think it is a very important point you \nmake, Senator. 
Consumer groups are not against the use of the \nInternet for advertising. In fact, one of the wonderful things \nabout the Internet for the consumer is the ability to get great \nprices on stuff you want, to be notified about books and \nauthors that you are interested in, to get travel deals, and a \nlot of people are signing up for those lists to get that \ninformation because it frankly gives them a good deal.\n    The problem, and I agree with Mr. Leonsis, the pendulum has \nswung so far in terms of the amount of marketing that the stuff \nyou desire is just getting drowned out. You cannot even find it \nany more, because there is so much junk you are getting with \nthe commercial marketing that you would like to receive, so I \nthink legislation is appropriate. I want to be clear on that \npoint. I think there is always a risk of unintended \nconsequences. I think legislation will help. I do not think it \nwill solve the problem, but I am sensitive to this issue of not \nclosing some doors you might want to leave open, and the \nquestion of state enforcement, particularly if they are issues \naround illegal business contracts, suddenly becomes very \nimportant.\n    Senator Burns. Anyone else? I want to hear a comment from \nall of you, really, basically.\n    Mr. Hughes. Senator Burns, this is clearly a complex problem, \nand unintended consequences exist today. I would like to give \nyou two dystopian visions of the future we have about e-mail. \nOne is, we allow spam to proliferate, and all of us stop using \ne-mail because our inboxes have become so choked with spam. The \nother is, we use blunt instruments to solve spam, and in the \nprocess of fixing the problem we kill the killer app. We kill \ne-mail. That emerges in something called false positives. 
False \npositives are wanted messages that are unreceived because of a \nfilter or black list or some other tool to block them.\n    What we have seen in the marketplace today, there is a \nstudy that came out from a company called Assurance Systems, is \nthat in the fourth quarter of 2002 there was an average 15 \npercent false positive rate across the top 10 ISPs. That means \n15 percent of wanted messages, of legitimate messages were not \nbeing delivered to the inboxes of recipients. That is one of the \nunintended consequences of the blunt instruments that we are \nusing. We need a much more balanced system to make sure that we \nkill spam but save e-mail.\n    Senator Burns. Yes, sir.\n    Mr. Scelson. Senator, I do totally agree there needs to be \nlegislation on it. Again, the solution that is in my written \ntestimony that I gave you all, you all have not got to see this \nyet. I am sure you will see it before the end of the day. It is \na no cost factor. It is very simple. There is no loss of \nunwanted mail, and one of the biggest complaints I have heard \nfrom people I send mail to is, there are over 2,000 bulk mail \ncompanies, not 200, that I am well aware in full existence out \nof 2,000 bulk companies you did not ask to receive mail in the \nfirst place.\n    Why should you have to remove from each one? The Government \ngets involved with the remove. Why should the Government have \nto spend tax dollars on a global remove system? 
The system I \npropose costs no money and gives the power back to the people.\n    The other thing I am looking for from the Government is, if \nI mail 100 percent within your laws, that companies like \nBrightmail will not filter the removes that are mandatory on \nus, and that carriers like BellSouth and AT&T and MSN will not \ncome in and shut my circuits down for sending legal mail, and \nright now that is basically what they are doing, so I cannot \nreveal who I am, but they are right, we need to.\n    Now, the same people that fight the spam have websites up \nthat I used to reveal exactly who I was, and everything about \nthe company website, the whole info. These people have my \nchildren\'s school on their website, my children\'s social \nsecurity numbers, they have threats in there that if nothing \nelse can stop me, maybe we should do something to their family. \nThey are not bluntly saying go out and hurt them, but they are \npushing strong accusations. I have never seen AOL or you all do \nanything like this, but a lot of these big anti-spam groups \nthat were at the FCC hearing, it is on their website. You have \nthe Internet, look for yourself. All I ask is, open your eyes \nto see it all.\n    Senator Burns. I am going to go to Senator Wyden now, but I \nappreciate those comments, and sure, we will take a very \nserious look at this, because I am still--we think we are on \nthe right track with our piece of legislation, but that is not \nto say that we are written in stone of a better idea or \nsomething that could be incorporated with what we are doing, \nand we will probably explore that as we move along.\n    Senator Wyden.\n    Senator Wyden. Thank you, Mr. Chairman. All of you were \nexcellent.\n    Mr. Scelson, a question for you to see if I can get it \nstraight. 
You said that you were above-board and complying with \nall the laws and trying to act in a straightforward way, but I \nthink I also heard you say, and I just want to clarify this, \nthat you are, in fact, disguising the source of the e-mail \nbecause you believe otherwise you are going to get blocked by \nISPs, is that right?\n    Mr. Scelson. Senator, that is a two-part question. I have \nnot sent 100 percent legal mail in the last 6 months, since my \nlast carrier breached a contract for sending legal mail. Since \nthat time, again, if I send right off of one IP their systems \ndetect how many e-mails come from one IP, will block this. If I \nsend right off of my real IP, the carrier will come in and yank \nthe circuit from me, so I have no choice but to hide this. I do \nnot want this. If I am told today, you mail legal we will not \nshut you down, my spam days are over with. There is no need for \nspam. There are legitimate ways to do this.\n    Senator Wyden. I understand that, and that is really what \nis at issue, and to your credit you are being very honest. What \nI think has concerned Senator Burns and I now for 4 years is \nthat the bottom line is, is that the recipient of the e-mail \ncannot really tell where it is coming from, number 1, and \nnumber 2, if the recipient, again empowering the consumer, \nwants to tell the ISP to do certain things to protect them, the \nrecipient is not in a position to do it. That is why we are \ntrying to come up with a legislative solution here.\n    And just a couple of other points. 
Is there any dispute \namong you five about the urgency of this effort, because I will \ntell you, it just seems to me that the volume of spam today \nreally has the potential of poisoning the medium, and doing it \nin a real hurry.\n    If you look at how fast it is going, I have been at this \nfor three or 4 years now, and I am going to be looking at \nSenator Nelson, who has an attractive idea, and Senator Schumer \nhas an attractive idea, but you know, those ideas of sending it \nto the Federal Trade Commission for 45 days, giving the \nexponential growth, I want us to move now, and I would just \nlike to make sure that all of you are clear for the record how \nurgent this is, and if it is not done quickly, you are really \ntalking about the potential to poison this medium.\n    Mr. Hughes. Senator, if I could, we needed legislation last \nyear, we needed it yesterday, we need it as soon as possible, \nbut more important than Federal preemptive legislation is, once \nwe have that, we need strong enforcement. Legislation will be \nuseless unless we create the deterrent effect that it is \nintended to create, so we are very supportive of legislation \ntoday.\n    Senator Wyden. I will tell you that beyond the fact that \nthe Federal Trade Commission 2 years ago said that the \nenforcement model on the Burns-Wyden bill worked well, I am \nabsolutely convinced, having worked on these issues since the \ndays when I was Director of the Gray Panthers, that you bring a \nmodest number of enforcement actions--you are not going to have \nto bring hundreds, but you bring a modest number of enforcement \nactions that are tough, that send a real message out there, \nthat there are going to be consequences, that there are going \nto be significant consequences, and I think you change the \nworld out there in the cyber arena.\n    The only other point I wanted to make sure we were on the \nrecord, Mr. 
Rotenberg, you know I have enormous respect for you \nand what your organization does. We work with you on everything \nfrom the total information awareness program to CAPS, privacy \nissues and the like, but clearly what the states are doing is \nnot working. We have got 30 states now that have enacted anti-\nspam statutes. If this was going to be solved at the state \nlevel, it would seem to me what the states would have put \ntogether collectively would have been more effective. Do any of \nyou disagree with the proposition that Senator Burns and I have \nbeen advancing that this has got to be dealt with at the \nnational level?\n    Mr. Salem. Just a couple of comments, Senator Wyden. First, \nthere is definitely an urgency on this problem right now. A lot \nof the state legislation has talked about labeling. Labeling \nhas not proven to help us solve the problem, so I think that is \nsomething that does need to be looked at as your bill continues \nforward. I think the other thing that I would say is that we \nare going to need to invent some technology, because in my \ntestimony I said 90 percent of e-mail today is untraceable, so \nthere is some form of deception that is making it hard to \nidentify who is sending it, and that is why I am surprised it \ntook 24 hours.\n    I think that is good, because we actually have data filters \nevery five to 10 minutes to try to stay ahead of the spammers, \nbecause that is what is required to block and keep spam out of \ninboxes, so we absolutely support what you are doing. We would \nlike to continue to help shape it so that it can be enforced, \nbut there is going to have to be some technology invention so \nwe can track who is the originator of that mail.\n    Senator Wyden. It is a fair point, and that is one of the \nreasons we tried to give a wide berth as it relates to the \nenforcement tools. 
We have got four enforcement tools, we have \ngot flexibility for the Federal Trade Commission, because we \nknow that the spammers are not technological simpletons. They \nare people who are constantly going to be on the cutting edge, \nand you can act on Tuesday and they will be devising something \non Thursday.\n    The last point that I wanted to ask about was the question \nin the New York Times report yesterday that indicated that in \nthe last 2 years 200,000 computers worldwide had been hijacked \nwithout the owners\' knowledge, and are currently being used to \nforward spam.\n    Now, in our legislation, we say that you cannot use an \noriginating e-mail address the access to which was obtained by \nmeans of false or fraudulent pretenses or representations. We \nthink that that might have been a useful tool had it been \nenacted to try to prevent the hijacking, but I am going to \nturn this over to Senator Nelson to wrap up.\n    We would just like you to look at that language, because it \nmay need some tweaking, but my sense is that had that part of \nthe Burns-Wyden bill been on the books, that could have been \nused to derail that very serious hijacking situation, and we \nwould like you to work with us, and I am not saying this is the \nlast word.\n    Mr. Rotenberg.\n    Mr. Rotenberg. I wanted to say we very much supported the \nefforts to pass Federal legislation. We think it is necessary. \nWe think your bill is a good model. We completely agree that \nthere has to be a strong national approach. 
I think the FTC has \ndone good work and the workshop was good, and I think the \nenforcement intentions are there.\n    As I said, I think the real concern is simply, if you close \nthe door on the states, which is not to say that they solved \nthe problem, but if you largely prevent them from pursuing the \nproblem, then I think that raises some problems, but beyond \nthat, I think there is a lot of support in the consumer \ncommunity, and it was the consumer groups actually a couple of \nyears ago, to their credit, that said we have got to get a \nhandle on the spam problem, because otherwise the Internet is \ngoing to be largely useless in terms of consumer use, and the \ngroups that we have worked with have said, make this a \npriority, so I think if it can be done right, it will be a \ngreat accomplishment.\n    Senator Wyden. You are absolutely right. We would not be \nanywhere near where we are without the consumer groups, and you \nare absolutely right on that point. The reason that Senator \nBurns and I give that activist role to the state Attorneys \nGeneral to bring actions is that we think, again, that they \nbring a modest number of those actions, and that is a \nsignificant deterrent.\n    And my final message to you five, because you have been \nexcellent, keep the heat on us and do not let the Congress \ndawdle on this. At every possible stage for the last three or 4 \nyears Senator Burns and I have been up against this argument. \nWell, now is not really the time. We need to study this. We \nneed to send it to the Committee on Acoustics and Ventilation \nand let them look at it for another 6 months, and we cannot \nafford it. Ted Leonsis has made the point that this has grown \nso dramatically that we cannot afford to let that happen.\n    There are a lot of good ideas in the Congress. We should \nlook at them. 
You should tell us how to make them fit into an \nintegrated system, but my message is, do not let the Congress \ndawdle now, do not let the Congress delay, so that we can get \nthis passed.\n    Mr. Chairman, are you going to chair? I know Senator Nelson \nhad some questions.\n    Senator Burns. I do not have any more, and it is almost \nlunchtime, and I have never missed a meal and by God I do not \nplan to.\n    Senator Nelson. Well, you can just turn the Committee over \nto me.\n    [Laughter.]\n    Senator Burns. We already did that a while ago and it did \nnot work, Senator.\n    [Laughter.]\n    Senator Nelson. We got a lot of business done while you \nwere gone.\n    Senator Burns. You proceed on, please, Senator. We signed \non for the term.\n    Senator Nelson. Mr. Chairman, one of the characterizations \nthat I would modify in some of your characterizations, your \nconcern naturally about impeding the normal intercourse of \ncommerce, and that is a legitimate concern also expressed by \nMr. Scelson, but the difference, I think, that I would look at \nit, you gave the example of walking down the street and seeing \nadvertisements, and that is in a public domain.\n    I think when you get into personal mail coming into a \npersonal box sitting in your personal home, then it is a little \nbit different, and that is what I think rises this to the level \nof concern where I think we are going to have to have some \ncriminal laws applicable. I would love to have your response to \nthat.\n    Mr. Scelson. Senator, based upon what you said is basically \nthe reason I am fighting. That choice is the individual\'s \nright. No offense to any of these individual companies. They \nshould not decide if they are going to censor, read or destroy \nyour legal mail. As an individual, that should be that person\'s \nright to decide. 
If the carriers did not shut you down for \ndoing it the right way, ADV is a way that as soon as you open \nyour e-mail you know you can get rid of it. My IPs would never \nchange. If the individual wanted to block me, I have no \nproblems with this. It is the companies that are going in and \ndestroying your mail.\n    If I go to your office and decide to go snoop through your \nmail and decide what you are going to get, I am not going to \nmake it out the front door without going to jail, but at the \nsame time, these filters are taking from your rights. They say \na computer is doing this. There is nothing wrong with it. A \nhuman does not see this. Well, as an example, if you shoot \nsomeone with a gun, the gun shot him, not me. But I am a human, \nI squeeze that trigger, I am responsible.\n    When they filter and censor people\'s mail, a human is \nsitting in that entity. A human is responsible for destroying \nyour private mail. It is the same scenario. What you are saying \nis absolutely correct.\n    Senator Nelson. Well, the temporary Chairman characterized \nthe problem at one point as weeds, weeds growing up, you use \nsome Round-Up on them, get rid of the weeds, and I interjected \nwith a big smile on my face. I said, it is not weeds, it is \nsnakes in the weeds, and when the pornography starts coming at \nme, I think that is poisonous snakes, and that is where we have \ngot to figure out some way to draw the line.\n    Let me just ask one final question. Twenty-nine states have \ngrappled with this, the most recent of which is Virginia, which \nhas the strongest law, and so since Mr. Leonsis is from \nVirginia, what do you like about the new Virginia law, and are \nthere parts of that that could serve for us to incorporate in \nthis Federal legislation?\n    Mr. Leonsis. 
Well, the Virginia law really worked in tandem \nwith what we can do commercially, and where we like the law, it \nreally does give teeth especially to the Attorney General, and \nI think in all cases at the state level it is the Attorney \nGeneral who has to go in and do the biting, and I think what is \nreally important is that there be a rules of the road on a \nnational level, and the states, looking at their individual \nlaws we will have to deal with, it would be much better if we \nhad a unified view from the top down, but we always need to be \nable to empower the AGs to go execute the law state by state.\n    Senator Burns. If the Senator would yield, what drove us in \nthis direction, Senator Nelson, was the fact that some of us \nthat has been here for a day or two know and understand and see \nthe ramifications of trying to pass legislation that one size \nfits all for 50 states, and it does not work. We tried to write \npolicy in agriculture, I mean, a host of things that it just \ndoes not work, so that is the reason we did not want to take a \ngiant step that erodes the state\'s ability to deal with the \nsituation. That is the reason we went down the road we went \ndown.\n    Senator Nelson. Well, I would just give in response, from \nthe basis of my experience when I was in the state legislature \nin the 1970s, I passed the first computer crimes law in the \nNation, giving prosecutors the tools to go after the more \nsophisticated type of criminal that was using a computer \ninstead of a crowbar.\n    When I came to Congress, I passed the Federal computer \ncrimes law. Now, it was a law that had Federal application, but \nit supplemented what the states were starting to do, and we \nhave got to kind of find this balance. I can understand Mr. \nScelson. 
He would be going nuts if he had to deal with 50 \ndifferent state standards, and so somehow you have got to have \nperhaps if there is a stronger standard in a state, that that \ntakes precedence over the Federal law, but that there would be \na uniformity with the Federal law to which they could then \ncomply.\n    Mr. Scelson. Excuse me, Senator, what I am about to tell \nyou has never been challenged before, and very few people are \naware of this. There is a website called w3c.com. It is all the \nguidelines that were presented by the Federal Government when \nthe Internet was released to the people. In those guidelines it \nstates, ``states do not have the right to pass laws pertaining \nto the Internet.\'\' It has not stopped anyone. It has not been \nchanged on that site, so if that is true, then Federal law is \nthe only way to go with this, but as of so far, no one has ever \nfought or challenged this to my knowledge.\n    Senator Burns. Well, thank you, and Senator Nelson, we \nthank you for your participation. We are going to leave this \nrecord open for a couple of weeks if there is something else, \nand there are other Senators that will probably want to make \ninquiries, so if there are, you can respond both to the \nSenators and the Committee, and we thank you for your testimony \ntoday, and this Committee is adjourned.\n    [Whereupon, at 12:30 p.m., the hearing was adjourned.]\n\n                                  <all>\n</pre></body></html>\n'